Fuzzy Asymmetric Password-Authenticated Key Exchange

Part of the Lecture Notes in Computer Science book series (LNSC, volume 12492)

Abstract

Password-Authenticated Key Exchange (PAKE) lets users with passwords exchange a cryptographic key. There have been two variants of PAKE which make it more applicable to real-world scenarios:

  • Asymmetric PAKE (aPAKE), which aims at protecting a client’s password even if the authentication server is untrusted, and

  • Fuzzy PAKE (fPAKE), which enables key agreement even if passwords of users are noisy, but “close enough”.

Supporting fuzzy password matches eases the use of higher entropy passwords and enables using biometrics and environmental readings (both of which are naturally noisy).

Until now, both variants of PAKE have been considered only in separation. In this paper, we consider both of them simultaneously. We introduce the notion of Fuzzy Asymmetric PAKE (fuzzy aPAKE), which protects against untrusted servers and supports noisy passwords. We formulate our new notion in the Universal Composability framework of Canetti (FOCS’01), which is the preferred model for password-based primitives. We then show that fuzzy aPAKE can be obtained from oblivious transfer and some variant of robust secret sharing (Cramer et al., EC’15). We achieve security against malicious parties while avoiding expensive tools such as non-interactive zero-knowledge proofs. Our construction is round-optimal, with message and password file sizes that are independent of the scheme’s error tolerance.


Notes

  1.

    More precisely, we use a variant of Robust Secret Sharing, which can be instantiated with some class of error-correcting codes. However, since most readers are presumably more familiar with the latter, we describe our constructions in terms of codes.

  2.

    Note that the fuzzy PAKE construction for Hamming distance from [DHP+18] already relies on both the ideal cipher model and the random oracle model. The generic group model (together with a random oracle) has recently been shown useful for constructing strongly secure aPAKEs [BJX19].

  3.

    Recent PAKE protocols [JKX18, BJX19] offer resistance against so-called precomputation attacks, meaning that an attacker should not be able to precompute any values that can later be used in a dictionary attack against a stolen password file. Our protocols do not offer such guarantees.

  4.

    Formally, we will define our scheme using the more general concept of robust secret sharing. However, for this overview it will be convenient to use the terminology of error-correcting codes.

  5.

    The protocol is not restricted to 1-out-of-2 OT, but can use 1-out-of-n OT for any \(n \in \mathbb {N}\). In this work we consider \(n = 2\), but in practice \(n > 2\) might be useful to reduce the number of wrong shares caused by a single wrong password symbol (e.g. \(n = 2^7\) in case of ASCII encoding, so that one mistyped character costs one share rather than up to seven).

  6.

    We could alternatively let \(\mathcal {S}\) issue an Impersonate query, but since the password is known, issuing TestPwd works just as well.

  7.

    Programming this randomized behavior into the functionality greatly simplifies proving security of \(\varPi _{\textsf {transf}} \) and does not seem to weaken the functionality compared to one using non-randomized equality checks.
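The abstract's recipe ("oblivious transfer plus a variant of robust secret sharing") and footnotes 4 and 5 describe one mechanism: the key is shared so that the shares form a codeword of an error-correcting code, the client fetches one share per password position via OT using its own (possibly mistyped) symbol, and a wrong symbol yields a wrong share that the code's decoder corrects. The following Python simulation is an added illustration of that mechanism only; it is not the paper's protocol, it does not model the password file, the asymmetric (server-compromise) guarantee, or the OT's own security, and it stands in a plain table lookup for the OT. Everything concrete is an assumption chosen for the example: Shamir sharing over the prime \(2^{61}-1\) as the Reed-Solomon code (the [28] correspondence), a brute-force unique decoder, 7-bit ASCII symbols for 1-out-of-\(2^7\) OT, and the constructed password "hunter42".

```python
"""
Added illustration (not the paper's protocol): fuzzy recovery of a shared
secret from per-position shares selected by a noisy password.

Model (all assumptions for this example):
  * The secret is Shamir-shared; its n shares are a Reed-Solomon codeword,
    so up to t = (n - k) // 2 wrong shares can be corrected uniquely.
  * For password position i the server acts as 1-out-of-|ALPHABET| OT
    sender: the message under the registered symbol is share i, every
    other message is a random field element ("wrong share").
  * The OT is simulated by a table lookup; a real OT hides the client's
    choice from the server and the unselected messages from the client.
"""
import secrets
from itertools import combinations

P = 2**61 - 1                            # prime field for the shares
ALPHABET = [chr(c) for c in range(128)]  # 7-bit ASCII => 1-out-of-2^7 OT


def shamir_share(secret: int, n: int, k: int):
    """Evaluate a random degree-(k-1) polynomial with constant term `secret`
    at x = 1..n. Returns a list of (x, y) shares."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def lagrange(points, x: int) -> int:
    """Value at x of the unique polynomial through `points`, over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def robust_reconstruct(shares, k: int):
    """Brute-force unique decoder: a degree-(k-1) polynomial agreeing with
    at least n - t shares is the right one (two distinct such polynomials
    agree on at most k - 1 points). Returns the secret, or None when more
    than t shares are wrong. Exponential in n; fine for password lengths,
    a real scheme would use a proper Reed-Solomon decoder."""
    n = len(shares)
    t = (n - k) // 2
    for subset in combinations(shares, k):
        agree = sum(1 for x, y in shares if lagrange(subset, x) == y)
        if agree >= n - t:
            return lagrange(subset, 0)
    return None


def server_ot_inputs(registered: str, shares):
    """Per position: the OT sender's message table. True share under the
    registered symbol, fresh random field elements under all others."""
    tables = []
    for ch, (_, y) in zip(registered, shares):
        table = {s: secrets.randbelow(P) for s in ALPHABET}
        table[ch] = y
        tables.append(table)
    return tables


def ot_receive(table, choice):
    """Simulated 1-out-of-n OT receiver: learns exactly the chosen message."""
    return table[choice]


def fuzzy_recover(attempt: str, tables, k: int):
    """Client side: one OT per position with the client's own symbol as
    choice, then error-correcting reconstruction."""
    shares = [(i + 1, ot_receive(tables[i], ch)) for i, ch in enumerate(attempt)]
    return robust_reconstruct(shares, k)


def wrong_shares(registered: str, attempt: str, per_bit: bool) -> int:
    """Wrong shares caused by a typo: one per differing symbol with
    1-out-of-2^7 OT, one per differing bit with 1-out-of-2 OT (footnote 5)."""
    if per_bit:
        return sum(bin(ord(a) ^ ord(b)).count("1") for a, b in zip(registered, attempt))
    return sum(a != b for a, b in zip(registered, attempt))


def demo():
    registered = "hunter42"           # constructed sample password, 8 symbols
    n, k = len(registered), 4         # tolerates t = (8 - 4) // 2 = 2 wrong symbols
    secret = secrets.randbelow(P)
    tables = server_ot_inputs(registered, shamir_share(secret, n, k))
    # exact, one substitution, one transposition (2 symbols), 3 substitutions
    attempts = ["hunter42", "hunter43", "hunetr42", "hontar43"]
    return {a: fuzzy_recover(a, tables, k) == secret for a in attempts}


if __name__ == "__main__":
    print(demo())
    print("transposition costs", wrong_shares("hunter42", "hunetr42", False),
          "symbol shares but", wrong_shares("hunter42", "hunetr42", True), "bit shares")
```

With these parameters the transposition "hunetr42" is within the tolerance of two wrong symbols, while under bitwise 1-out-of-2 OT the same typo flips four shares (two bits per swapped character) and would need a code tolerating twice as many errors; that is the trade-off footnote 5 points at. The tolerance t is a security parameter as much as a usability one: every symbol the decoder forgives is a symbol an online guesser does not need to get right, so the password-file and dictionary-attack analysis of the real protocol has to account for the enlarged set of accepted passwords.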

References

  1. Muffet, A.: Facebook: password hashing & authentication. Presentation at Real World Crypto (2015)

  2. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_25

  3. Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy amplification by public discussion. SIAM J. Comput. 17(2), 210–229 (1988)

  4. Barreto, P.S.L.M., David, B., Dowsley, R., Morozov, K., Nascimento, A.C.A.: A framework for efficient adaptively secure composable oblivious transfer in the ROM. CoRR, abs/1710.08256 (2017)

  5. Bradley, T., Jarecki, S., Xu, J.: Strong asymmetric PAKE based on trapdoor CKEM. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 798–825. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_26

  6. Boyle, E., LaVigne, R., Vaikuntanathan, V.: Adversarially robust property-preserving hash functions. In: Blum, A. (ed.) ITCS 2019, vol. 124, pp. 16:1–16:20. LIPIcs, January 2019

  7. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, May 1992

  8. Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 1993, pp. 244–250. ACM Press, November 1993

  9. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12

  10. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11

  11. Chatterjee, R., Athayle, A., Akhawe, D., Juels, A., Ristenpart, T.: pASSWORD tYPOS and how to correct them securely. In: 2016 IEEE Symposium on Security and Privacy, pp. 799–818. IEEE Computer Society Press, May 2016

  12. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001

  13. Cramer, R., Damgård, I.B., Döttling, N., Fehr, S., Spini, G.: Linear secret sharing schemes from error correcting codes and universal hash functions. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 313–336. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_11

  14. Canetti, R., Dachman-Soled, D., Vaikuntanathan, V., Wee, H.: Efficient password authenticated key exchange via oblivious transfer. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 449–466. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_27

  15. Canetti, R., Goldwasser, S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack (extended abstract). In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 90–106. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_7

  16. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_24

  17. Chatterjee, R., Woodage, J., Pnueli, Y., Chowdhury, A., Ristenpart, T.: The TypTop system: personalized typo-tolerant password checking. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 329–346. ACM Press, October/November 2017

  18. Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 393–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_13

  19. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31

  20. Erwig, A., Hesse, J., Orlt, M., Riahi, S.: Fuzzy asymmetric password-authenticated key exchange. Cryptology ePrint Archive, Report 2020/987 (2020). https://eprint.iacr.org/2020/987

  21. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33

  22. Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142–159. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_9

  23. Hesse, J.: Separating standard and asymmetric password-authenticated key exchange. Cryptology ePrint Archive, Report 2019/1064 (2019). https://eprint.iacr.org/2019/1064

  24. Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 1–48 (2019)

  25. Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 456–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_15

  26. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_29

  27. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_18

  28. McEliece, R.J., Sarwate, D.V.: On sharing secrets and Reed-Solomon codes. Commun. ACM 24(9), 583–584 (1981)

  29. Peikert, C.: On error correction in the exponent. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 167–183. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_9

  30. Pointcheval, D., Wang, G.: VTBPEKE: verifier-based two-basis password exponential key exchange. In: Karri, R., Sinanoglu, O., Sadeghi, A.-R., Yi, X. (eds.) ASIACCS 2017, pp. 301–312. ACM Press, April 2017

  31. Roth, R.: Introduction to Coding Theory. Cambridge University Press, New York (2006)

  32. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

  33. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, October 1986

Acknowledgments

This work was partly supported by the German Research Foundation (DFG) Emmy Noether Program FA 1320/1-1, by the DFG CRC 1119 CROSSING (project S7), by the German Federal Ministry of Education and Research (BMBF) iBlockchain project (grant nr. 16KIS0902), by the German Federal Ministry of Education and Research and the Hessen State Ministry for Higher Education, Research and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE, by the VeriSec project 16KIS0634 from the Federal Ministry of Education and Research (BMBF), and by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 786725 – OLYMPUS.

We would like to thank Sophia Yakoubov for helpful discussions on earlier versions of this work.

Author information

Corresponding author

Correspondence to Siavash Riahi.

Copyright information

© 2020 International Association for Cryptologic Research

About this paper

Cite this paper

Erwig, A., Hesse, J., Orlt, M., Riahi, S. (2020). Fuzzy Asymmetric Password-Authenticated Key Exchange. In: Moriai, S., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2020. ASIACRYPT 2020. Lecture Notes in Computer Science, vol 12492. Springer, Cham. https://doi.org/10.1007/978-3-030-64834-3_26

  • DOI: https://doi.org/10.1007/978-3-030-64834-3_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64833-6

  • Online ISBN: 978-3-030-64834-3
