A Universally Composable PAKE with Zero Communication Cost: (And Why It Shouldn’t Be Considered UC-Secure)

Lawrence Roy*, Jiayu Xu

*Corresponding author af dette arbejde

Publikation: Bidrag til bog/antologi/rapport/proceedingKonferencebidrag i proceedingsForskningpeer review

Abstract

A Password-Authenticated Key Exchange (PAKE) protocol allows two parties to agree upon a cryptographic key, when the only information shared in advance is a low-entropy password. The standard security notion for PAKE (Canetti et al., Eurocrypt 2005) is in the Universally Composable (UC) framework. We show that unlike most UC security notions, UC PAKE does not imply correctness. While Canetti et al. has briefly noticed this issue, we present the first comprehensive study of correctness in UC PAKE: 1.We show that TrivialPAKE, a no-message protocol that does not satisfy correctness, is a UC PAKE;2.We propose nine approaches to guaranteeing correctness in the UC security notion of PAKE, and show that seven of them are equivalent, whereas the other two are unachievable;3.We prove that a direct solution, namely changing the UC PAKE functionality to incorporate correctness, is impossible;4.Finally, we show how to naturally incorporate correctness by changing the model—we view PAKE as a three-party protocol, with the man-in-the-middle adversary as the third party. In this way, we hope to shed some light on the very nature of UC-security in the man-in-the-middle setting.

OriginalsprogEngelsk
TitelPublic-Key Cryptography – PKC 2023 : 26th IACR International Conference on Practice and Theory of Public-Key Cryptography, Atlanta, GA, USA, May 7–10, 2023, Proceedings, Part I
RedaktørerAlexandra Boldyreva, Vladimir Kolesnikov
Antal sider30
UdgivelsesstedCham
ForlagSpringer
Publikationsdatomaj 2023
Sider714-743
ISBN (Trykt)978-3-031-31367-7
ISBN (Elektronisk)978-3-031-31368-4
DOI
StatusUdgivet - maj 2023
Begivenhed26th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2023 - Atlanta, USA
Varighed: 7 maj 202310 maj 2023

Konference

Konference26th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2023
Land/OmrådeUSA
ByAtlanta
Periode07/05/202310/05/2023
NavnLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Vol/bind13940
ISSN0302-9743

Fingeraftryk

Dyk ned i forskningsemnerne om 'A Universally Composable PAKE with Zero Communication Cost: (And Why It Shouldn’t Be Considered UC-Secure)'. Sammen danner de et unikt fingeraftryk.

Citationsformater