IND-PCA Secure KEM Is Enough for Password-Based Authenticated Key Exchange (Short Paper)
Several frameworks exist for password-based authenticated key exchange (PAKE) protocols with a common reference string, following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and IND-CCA secure encryption has seemed unavoidable when constructing PAKE in the standard model.
In this paper, we show that an IND-PCA secure key encapsulation mechanism (KEM), which is weaker and easier to construct than IND-CCA secure encryption, is enough for PAKE. Our refined PAKE consists of a smooth projective hash function on IND-CPA secure encryption and an IND-PCA secure KEM. Based on the DDH assumption, the total communication of the PAKE consists of 6 group elements and \(\log |D|\) bits (where \(D\) is the set of passwords), while the most efficient previous PAKE contains 7 group elements.
Keywords: Password-based authenticated key exchange; Smooth projective hash functions; IND-PCA secure KEM
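The abstract's "smooth projective hash function on IND-CPA secure encryption" can be made concrete with the textbook SPHF for ElGamal ciphertexts under DDH. The sketch below is an added example, not code or the exact construction from the paper; the toy group parameters and all function names are assumptions chosen for illustration, and the last function enumerates hashing keys to show smoothness directly.

```python
import secrets

# Toy parameters (constructed for illustration; far too small for real use):
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """CRS generation: ElGamal public key h = g^x. x is returned only for the demo."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encode(pw):
    """Map a password index in [0, Q) to a group element."""
    return pow(G, pw, P)

def encrypt(h, pw, r):
    """ElGamal encryption of the encoded password with randomness (witness) r."""
    return pow(G, r, P), pow(h, r, P) * encode(pw) % P

def proj_key(h, hk):
    """Projection key hp = g^a * h^b for hashing key hk = (a, b)."""
    a, b = hk
    return pow(G, a, P) * pow(h, b, P) % P

def hash_with_hk(hk, ct, pw):
    """Hash(hk, (ct, pw)) = u^a * (e / encode(pw))^b; needs no witness."""
    a, b = hk
    u, e = ct
    return pow(u, a, P) * pow(e * pow(encode(pw), -1, P) % P, b, P) % P

def hash_with_witness(hp, r):
    """ProjHash(hp, r) = hp^r; equals hash_with_hk only if ct encrypts pw."""
    return pow(hp, r, P)

def values_consistent_with_hp(x, ct, pw, c):
    """Enumerate every hk = (a, b) with g^a * h^b = g^c and collect the hashes.
    One value means hp determines the hash; Q values means it is uniform (smooth)."""
    return {hash_with_hk(((c - x * b) % Q, b), ct, pw) for b in range(Q)}

if __name__ == "__main__":
    x, h = keygen()
    r = secrets.randbelow(Q - 1) + 1
    ct = encrypt(h, 42, r)                      # constructed sample password index
    hk = (secrets.randbelow(Q), secrets.randbelow(Q))
    hp = proj_key(h, hk)
    print(hash_with_hk(hk, ct, 42) == hash_with_witness(hp, r))  # matching password
    print(len(values_consistent_with_hp(x, ct, 42, 7)))          # correct guess
    print(len(values_consistent_with_hp(x, ct, 43, 7)))          # wrong guess
```

When the ciphertext encrypts the password being hashed, the projection key fixes the hash to a single value; for any other password the hash ranges over the whole subgroup, which is why a wrong password guess gives the other party no usable information about the derived value.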
Haiyang Xue is supported by the Foundation of Science and Technology on Communication Security Laboratory (9140C110206150C11049) and the National Natural Science Foundation of China (No. 61602473, 61502480, 61672019). Bao Li is supported by the Foundation of Science and Technology on Communication Security Laboratory (9140C110206150C11049) and the National Natural Science Foundation of China (No. 61379137). Xianhui Lu is supported by the National Natural Science Foundation of China (No. 61572495).