Universally Composable Relaxed Password Authenticated Key Exchange

C Gentry; CS Jutla; H Krawczyk; J Katz; J Katz; J Katz; JY Hwang; M Abdalla; M Abdalla; M Abdalla; M Abdalla; M Abdalla; M Bellare; O Goldreich; R Canetti; R Gennaro; S Jarecki; T Bradley; TP Pedersen; V Boyko

Universally Composable Relaxed Password Authenticated Key Exchange

Authors: C Gentry
CS Jutla
H Krawczyk
J Katz
J Katz
J Katz
JY Hwang
M Abdalla
M Abdalla
M Abdalla
M Abdalla
M Abdalla
M Bellare
O Goldreich
R Canetti
R Gennaro
S Jarecki
T Bradley
TP Pedersen
V Boyko
Publication date: 15 March 2020
Publisher: 'Springer Science and Business Media LLC'
Doi

Abstract

International audienceProtocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographic key. We revisit the notion of PAKE in the universal composabil-ity (UC) framework, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Our relaxation allows the ideal-world adversary to postpone its password guess until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a "game-based" definition of security can be shown to UC-realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known