A Universally Composable PAKE with Zero Communication Cost: (And Why It Shouldn’t Be Considered UC-Secure)

Lawrence Roy*, Jiayu Xu

*Corresponding author for this work

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

1 Citation (Scopus)

Abstract

A Password-Authenticated Key Exchange (PAKE) protocol allows two parties to agree upon a cryptographic key, when the only information shared in advance is a low-entropy password. The standard security notion for PAKE (Canetti et al., Eurocrypt 2005) is in the Universally Composable (UC) framework. We show that unlike most UC security notions, UC PAKE does not imply correctness. While Canetti et al. has briefly noticed this issue, we present the first comprehensive study of correctness in UC PAKE: 1.We show that TrivialPAKE, a no-message protocol that does not satisfy correctness, is a UC PAKE;2.We propose nine approaches to guaranteeing correctness in the UC security notion of PAKE, and show that seven of them are equivalent, whereas the other two are unachievable;3.We prove that a direct solution, namely changing the UC PAKE functionality to incorporate correctness, is impossible;4.Finally, we show how to naturally incorporate correctness by changing the model—we view PAKE as a three-party protocol, with the man-in-the-middle adversary as the third party. In this way, we hope to shed some light on the very nature of UC-security in the man-in-the-middle setting.

Original languageEnglish
Title of host publicationPublic-Key Cryptography – PKC 2023 : 26th IACR International Conference on Practice and Theory of Public-Key Cryptography, Atlanta, GA, USA, May 7–10, 2023, Proceedings, Part I
EditorsAlexandra Boldyreva, Vladimir Kolesnikov
Number of pages30
Place of publicationCham
PublisherSpringer
Publication dateMay 2023
Pages714-743
ISBN (Print)978-3-031-31367-7
ISBN (Electronic)978-3-031-31368-4
DOIs
Publication statusPublished - May 2023
Event26th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2023 - Atlanta, United States
Duration: 7 May 202310 May 2023

Conference

Conference26th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2023
Country/TerritoryUnited States
CityAtlanta
Period07/05/202310/05/2023
SeriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13940
ISSN0302-9743

Fingerprint

Dive into the research topics of 'A Universally Composable PAKE with Zero Communication Cost: (And Why It Shouldn’t Be Considered UC-Secure)'. Together they form a unique fingerprint.

Cite this