Skip to main content
SpringerLink
Log in

Generalized Fuzzy Password-Authenticated Key Exchange from Error Correcting Codes

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2023 (ASIACRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14445))

Abstract

Fuzzy Password-Authenticated Key Exchange (fuzzy PAKE) allows cryptographic keys to be generated from authentication data that is both fuzzy and of low entropy. The strong protection against offline attacks offered by fuzzy PAKE opens an interesting avenue towards secure biometric authentication, typo-tolerant password authentication, and automated IoT device pairing. Previous constructions of fuzzy PAKE are either based on Error Correcting Codes (ECC) or generic multi-party computation techniques such as Garbled Circuits. While ECC-based constructions are significantly more efficient, they rely on multiple special properties of error correcting codes such as maximum distance separability and smoothness.

We contribute to the line of research on fuzzy PAKE in two ways. First, we identify a subtle but devastating gap in the security analysis of the currently most efficient fuzzy PAKE construction (Dupont et al., Eurocrypt 2018), allowing a man-in-the-middle attacker to test individual password characters. Second, we provide a new fuzzy PAKE scheme based on ECC and PAKE that provides a built-in protection against individual password character guesses and requires fewer, more standard properties of the underlying ECC. Additionally, our construction offers better error correction capabilities than previous ECC-based fuzzy PAKEs.

J. Hesse—Author supported by the Swiss National Science Foundation (SNSF) under the AMBIZIONE grant “Cryptographic Protocols for Human Authentication and the IoT”. J. Ottenhues—

Author partially funded by the EU-funded Marie Curie ITN TReSPAsS-ETN project under the grant agreement 860813.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    [Hv22] provides an excellent overview of PAKEs in the literature, also mentioning other approaches than building PAKEs through Diffie-Hellman.

  2. 2.

    Dupont et al. [DHP+18] use the terminology of robust secret sharing (RSS) instead of error-correcting codes, and show how to instantiate RSS with ECC. In this work, we state their construction in terms of an ECC, as it enables better comparison with our protocol.

  3. 3.

    More precisely, and for the reader who is familiar with the Universal Composability framework [Can01]: In Sect. 3.2, we argue that the split transformation of Barak et al. [BCL+05] cannot be meaningfully applied to transform a hybrid protocol that assumes authenticated channels, to a version that is secure with unauthenticated channels. In a nutshell, the reason is that the hybrid building blocks are unaffected by the transformation and do not carry any authentication guarantees.

  4. 4.

    As already discussed in the introduction, Dupont et al. [DHP+18] use the terminology of Robust Secret Sharing instead of ECC.

  5. 5.

    This is an oversimplified statement as the transformed protocol does not realize \(\mathcal {F} \) but its split variant, denoted \(s\mathcal {F} \). See the work of Barak et al. [BCL+05] for more details.

References

  1. Agrawal, S., Badrinarayanan, S., Mohassel, P., Mukherjee, P., Patranabis, S.: BETA: biometric-enabled threshold authentication. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 290–318. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_11

    Chapter  Google Scholar 

  2. Agrawal, S., Badrinarayanan, S., Mukherjee, P., Rindal, P.: Game-set-MATCH: using mobile devices for seamless external-facing biometric matching. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1351–1370. ACM Press (2020)

    Google Scholar 

  3. WiFi Alliance. WPA3 specification version 3.1 (2022). https://www.wi-fi.org/download.php?file=/sites/default/files/private/WPA3%20Specification%20v3.1.pdf

  4. Barbosa, M., Boldyreva, A., Chen, S., Warinschi, B.: Provable security analysis of FIDO2. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 125–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_5

    Chapter  Google Scholar 

  5. Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy amplification by public discussion, vol. 17, pp. 210–229 (1988)

    Google Scholar 

  6. Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure computation without authentication. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 361–377. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_22

    Chapter  Google Scholar 

  7. Bootle, J., Chiesa, A., Liu, S.: Zero-knowledge IOPs with linear-time prover and polylogarithmic-time verifier. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 275–304. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_10

    Chapter  Google Scholar 

  8. Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel documents, and its security. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 344–358. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_25

    Chapter  Google Scholar 

  9. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9

    Chapter  Google Scholar 

  10. Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_3

    Chapter  Google Scholar 

  11. Bender, J., Fischlin, M., Kügler, D.: The PACE|CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_2

    Chapter  Google Scholar 

  12. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press (1992)

    Google Scholar 

  13. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12

    Chapter  Google Scholar 

  14. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11

    Chapter  Google Scholar 

  15. Chatterjee, R., Athayle, A., Akhawe, D., Juels, A., Ristenpart, T.: pASSWORD tYPOS and how to correct them securely. In: 2016 IEEE Symposium on Security and Privacy, pp. 799–818. IEEE Computer Society Press (2016)

    Google Scholar 

  16. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press (2001)

    Google Scholar 

  17. Chen, H., Cramer, R., Goldwasser, S., de Haan, R., Vaikuntanathan, V.: Secure computation from random error correcting codes. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 291–310. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_17

    Chapter  Google Scholar 

  18. Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)

    Book  Google Scholar 

  19. Cramer, R., Damgård, I.B., Döttling, N., Fehr, S., Spini, G.: Linear secret sharing schemes from error correcting codes and universal hash functions. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 313–336. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_11

    Chapter  Google Scholar 

  20. Canetti, R., Fuller, B., Paneth, O., Reyzin, L., Smith, A.: Reusable fuzzy extractors for low-entropy distributions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 117–146. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_5

    Chapter  Google Scholar 

  21. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_24

    Chapter  Google Scholar 

  22. Cremers, C., Naor, M., Paz, S., Ronen, E.: CHIP and CRISP: protecting all parties against compromise through identity-binding PAKEs. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 668–698. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15979-4_23

    Chapter  Google Scholar 

  23. Chatterjee, R., Woodage, J., Pnueli, Y., Chowdhury, A., Ristenpart, T.: The TypTop system: personalized typo-tolerant password checking. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 329–346. ACM Press (2017)

    Google Scholar 

  24. Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. Cryptology ePrint Archive, Paper 2017/1111 (2017). https://eprint.iacr.org/2017/1111

  25. Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 393–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_13

    Chapter  Google Scholar 

  26. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  27. Erwig, A., Hesse, J., Orlt, M., Riahi, S.: Fuzzy asymmetric password-authenticated key exchange. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 761–784. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_26

    Chapter  Google Scholar 

  28. Guruswami, V.: Algorithmic results in list decoding. Found. Trends Theor. Comput. Sci. 2(2), 107–195 (2006)

    Article  MathSciNet  Google Scholar 

  29. Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. IACR TCHES 2019(2), 1–48 (2019). https://tches.iacr.org/index.php/TCHES/article/view/7384

  30. Hao, F., Shahandashti, S.F.: The SPEKE protocol revisited. IACR Cryptology ePrint Archive, p. 585 (2014)

    Google Scholar 

  31. Hao, F., van Oorschot, P.C.: SoK: password-authenticated key exchange - theory, practice, standardization and real-world lessons. In: Suga, Y., Sakurai, K., Ding, X., Sako, K. (eds.) ASIACCS 2022, pp. 697–711. ACM Press (2022)

    Google Scholar 

  32. Jablon, D.P.: Strong password-only authenticated key exchange. Comput. Commun. Rev. 26(5), 5–26 (1996)

    Article  Google Scholar 

  33. Jiang, M., Liu, S., Han, S., Gu, D.: Fuzzy authenticated key exchange with tight security. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part II. LNCS, vol. 13555, pp. 337–360. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17146-8_17

    Chapter  Google Scholar 

  34. Kulhandjian, M., Rudra, A.: Lecture 27: Berlekamp-welch algorithm (2007)

    Google Scholar 

  35. MacKenzie, P.: On the security of the SPEKE password-authenticated key exchange protocol. IACR Cryptology ePrint Archive, p. 57 (2001)

    Google Scholar 

  36. McEliece, R.J.: The guruswami-sudan decoding algorithm for reed-solomon codes. IPN Progress Report 42-153 (2003)

    Google Scholar 

  37. Nielsen, J.S.R.: List decoding of algebraic codes (2013)

    Google Scholar 

  38. Pongmorrakot, T., Chatterjee, R.: tPAKE: typo-tolerant password-authenticated key exchange. In: Batina, L., Picek, S., Mondal, M. (eds.) SPACE 2020. LNCS, vol. 12586, pp. 3–24. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-66626-2_1

    Chapter  Google Scholar 

  39. Renner, R., Wolf, S.: The exact price for unconditionally secure asymmetric cryptography. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 109–125. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_7

    Chapter  Google Scholar 

  40. Roy, L., Xu, J.: A universally composable PAKE with zero communication cost. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023, Part I. LNCS, vol. 13940, pp. 714–743. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-31368-4_25

    Chapter  Google Scholar 

  41. Weiss, M.: Secure computation and probabilistic checking (2016)

    Google Scholar 

  42. Wang, M., He, K., Chen, J., Li, Z., Zhao, W., Du, R.: Biometrics-authenticated key exchange for secure messaging. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 2618–2631. ACM Press (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IBM Research Europe – Zurich, Zürich, Switzerland

    Jonathan Bootle, Sebastian Faller & Julia Hesse

  2. ETH Zurich, Zürich, Switzerland

    Sebastian Faller & Kristina Hostáková

  3. University of St. Gallen, St. Gallen, Switzerland

    Johannes Ottenhues

Authors
  1. Jonathan Bootle
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sebastian Faller
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Julia Hesse
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kristina Hostáková
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Johannes Ottenhues
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Johannes Ottenhues .

Editor information

Editors and Affiliations

  1. Nanyang Technological University, Singapore, Singapore

    Jian Guo

  2. Monash University, Melbourne, VIC, Australia

    Ron Steinfeld

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bootle, J., Faller, S., Hesse, J., Hostáková, K., Ottenhues, J. (2023). Generalized Fuzzy Password-Authenticated Key Exchange from Error Correcting Codes. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14445. Springer, Singapore. https://doi.org/10.1007/978-981-99-8742-9_4

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-8742-9_4

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8741-2

  • Online ISBN: 978-981-99-8742-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation