Abstract
Fuzzy Password-Authenticated Key Exchange (fuzzy PAKE) allows cryptographic keys to be generated from authentication data that is both fuzzy and of low entropy. The strong protection against offline attacks offered by fuzzy PAKE opens an interesting avenue towards secure biometric authentication, typo-tolerant password authentication, and automated IoT device pairing. Previous constructions of fuzzy PAKE are either based on Error Correcting Codes (ECC) or generic multi-party computation techniques such as Garbled Circuits. While ECC-based constructions are significantly more efficient, they rely on multiple special properties of error correcting codes such as maximum distance separability and smoothness.
We contribute to the line of research on fuzzy PAKE in two ways. First, we identify a subtle but devastating gap in the security analysis of the currently most efficient fuzzy PAKE construction (Dupont et al., Eurocrypt 2018), allowing a man-in-the-middle attacker to test individual password characters. Second, we provide a new fuzzy PAKE scheme based on ECC and PAKE that provides a built-in protection against individual password character guesses and requires fewer, more standard properties of the underlying ECC. Additionally, our construction offers better error correction capabilities than previous ECC-based fuzzy PAKEs.
J. Hesse—Author supported by the Swiss National Science Foundation (SNSF) under the AMBIZIONE grant “Cryptographic Protocols for Human Authentication and the IoT”. J. Ottenhues—Author partially funded by the EU-funded Marie Curie ITN TReSPAsS-ETN project under the grant agreement 860813.
Notes
1. [Hv22] provides an excellent overview of PAKEs in the literature, also mentioning other approaches than building PAKEs through Diffie-Hellman.
2. Dupont et al. [DHP+18] use the terminology of robust secret sharing (RSS) instead of error-correcting codes, and show how to instantiate RSS with ECC. In this work, we state their construction in terms of an ECC, as it enables better comparison with our protocol.
3. More precisely, and for the reader who is familiar with the Universal Composability framework [Can01]: In Sect. 3.2, we argue that the split transformation of Barak et al. [BCL+05] cannot be meaningfully applied to transform a hybrid protocol that assumes authenticated channels into a version that is secure with unauthenticated channels. In a nutshell, the reason is that the hybrid building blocks are unaffected by the transformation and do not carry any authentication guarantees.
4. As already discussed in the introduction, Dupont et al. [DHP+18] use the terminology of Robust Secret Sharing instead of ECC.
5. This is an oversimplified statement, as the transformed protocol does not realize \(\mathcal{F}\) but its split variant, denoted \(s\mathcal{F}\). See the work of Barak et al. [BCL+05] for more details.
References
Agrawal, S., Badrinarayanan, S., Mohassel, P., Mukherjee, P., Patranabis, S.: BETA: biometric-enabled threshold authentication. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 290–318. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_11
Agrawal, S., Badrinarayanan, S., Mukherjee, P., Rindal, P.: Game-set-MATCH: using mobile devices for seamless external-facing biometric matching. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1351–1370. ACM Press (2020)
WiFi Alliance. WPA3 specification version 3.1 (2022). https://www.wi-fi.org/download.php?file=/sites/default/files/private/WPA3%20Specification%20v3.1.pdf
Barbosa, M., Boldyreva, A., Chen, S., Warinschi, B.: Provable security analysis of FIDO2. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 125–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_5
Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy amplification by public discussion. SIAM J. Comput. 17(2), 210–229 (1988)
Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure computation without authentication. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 361–377. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_22
Bootle, J., Chiesa, A., Liu, S.: Zero-knowledge IOPs with linear-time prover and polylogarithmic-time verifier. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 275–304. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_10
Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel documents, and its security. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 344–358. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_25
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9
Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_3
Bender, J., Fischlin, M., Kügler, D.: The PACE|CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_2
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press (1992)
Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11
Chatterjee, R., Athayle, A., Akhawe, D., Juels, A., Ristenpart, T.: pASSWORD tYPOS and how to correct them securely. In: 2016 IEEE Symposium on Security and Privacy, pp. 799–818. IEEE Computer Society Press (2016)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press (2001)
Chen, H., Cramer, R., Goldwasser, S., de Haan, R., Vaikuntanathan, V.: Secure computation from random error correcting codes. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 291–310. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_17
Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)
Cramer, R., Damgård, I.B., Döttling, N., Fehr, S., Spini, G.: Linear secret sharing schemes from error correcting codes and universal hash functions. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 313–336. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_11
Canetti, R., Fuller, B., Paneth, O., Reyzin, L., Smith, A.: Reusable fuzzy extractors for low-entropy distributions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 117–146. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_5
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_24
Cremers, C., Naor, M., Paz, S., Ronen, E.: CHIP and CRISP: protecting all parties against compromise through identity-binding PAKEs. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 668–698. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15979-4_23
Chatterjee, R., Woodage, J., Pnueli, Y., Chowdhury, A., Ristenpart, T.: The TypTop system: personalized typo-tolerant password checking. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 329–346. ACM Press (2017)
Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. Cryptology ePrint Archive, Paper 2017/1111 (2017). https://eprint.iacr.org/2017/1111
Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 393–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_13
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Erwig, A., Hesse, J., Orlt, M., Riahi, S.: Fuzzy asymmetric password-authenticated key exchange. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 761–784. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_26
Guruswami, V.: Algorithmic results in list decoding. Found. Trends Theor. Comput. Sci. 2(2), 107–195 (2006)
Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. IACR TCHES 2019(2), 1–48 (2019). https://tches.iacr.org/index.php/TCHES/article/view/7384
Hao, F., Shahandashti, S.F.: The SPEKE protocol revisited. IACR Cryptology ePrint Archive, p. 585 (2014)
Hao, F., van Oorschot, P.C.: SoK: password-authenticated key exchange - theory, practice, standardization and real-world lessons. In: Suga, Y., Sakurai, K., Ding, X., Sako, K. (eds.) ASIACCS 2022, pp. 697–711. ACM Press (2022)
Jablon, D.P.: Strong password-only authenticated key exchange. Comput. Commun. Rev. 26(5), 5–26 (1996)
Jiang, M., Liu, S., Han, S., Gu, D.: Fuzzy authenticated key exchange with tight security. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part II. LNCS, vol. 13555, pp. 337–360. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17146-8_17
Kulhandjian, M., Rudra, A.: Lecture 27: Berlekamp-Welch algorithm. Lecture notes (2007)
MacKenzie, P.: On the security of the SPEKE password-authenticated key exchange protocol. IACR Cryptology ePrint Archive, p. 57 (2001)
McEliece, R.J.: The Guruswami-Sudan decoding algorithm for Reed-Solomon codes. IPN Progress Report 42-153 (2003)
Nielsen, J.S.R.: List decoding of algebraic codes (2013)
Pongmorrakot, T., Chatterjee, R.: tPAKE: typo-tolerant password-authenticated key exchange. In: Batina, L., Picek, S., Mondal, M. (eds.) SPACE 2020. LNCS, vol. 12586, pp. 3–24. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-66626-2_1
Renner, R., Wolf, S.: The exact price for unconditionally secure asymmetric cryptography. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 109–125. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_7
Roy, L., Xu, J.: A universally composable PAKE with zero communication cost. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023, Part I. LNCS, vol. 13940, pp. 714–743. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-31368-4_25
Weiss, M.: Secure computation and probabilistic checking (2016)
Wang, M., He, K., Chen, J., Li, Z., Zhao, W., Du, R.: Biometrics-authenticated key exchange for secure messaging. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 2618–2631. ACM Press (2021)
© 2023 International Association for Cryptologic Research
Cite this paper
Bootle, J., Faller, S., Hesse, J., Hostáková, K., Ottenhues, J. (2023). Generalized Fuzzy Password-Authenticated Key Exchange from Error Correcting Codes. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14445. Springer, Singapore. https://doi.org/10.1007/978-981-99-8742-9_4
DOI: https://doi.org/10.1007/978-981-99-8742-9_4
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8741-2
Online ISBN: 978-981-99-8742-9
eBook Packages: Computer Science, Computer Science (R0)