Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World

  • Conference paper
  • Topics in Cryptology – CT-RSA 2017 (CT-RSA 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10159)

Abstract

Authenticated Key Exchange (AKE) is a cryptographic scheme whose aim is to establish a high-entropy, secret session key over an insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties share only a simple password, which is cheap and human-memorable and is used to achieve authentication. PAKEs are practically relevant because these features are extremely appealing in an age where most people access sensitive personal data remotely from ever more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is a parallel extension of the class of Random Oracle Model (ROM)-based protocols \(\mathsf {PAK}\) and \(\mathsf {PPK}\) [13, 41] to the lattice-based setting. The new protocol resembling \(\mathsf {PAK}\) is three-pass and provides mutual explicit authentication, while the protocol following the structure of \(\mathsf {PPK}\) is two-pass and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption and exploit the additive structure of the underlying ring. They have a level of efficiency comparable to \(\mathsf {PAK}\) and \(\mathsf {PPK}\), which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum-safe replacements for \(\mathsf {PAK}\) and \(\mathsf {PPK}\).
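
To make the abstract's description concrete, the following is an added worked example written for this page; it is not code from the paper, and it is not the authors' preliminary implementation. It runs the three-pass, PAK-structured flow over RLWE using the signal/Mod2 reconciliation technique of [19]: the client masks its RLWE value by adding a hash of the password in the ring, the server unmasks it by subtraction (the additive structure the abstract refers to), both sides recover the same bits from a reconciliation hint w, and each side then proves knowledge of the password with a hash over the transcript, giving mutual explicit authentication. The ring parameters (N = 256, Q = 7681), the ternary noise, the hash functions labelled H1 to H4, the message contents and the decision to keep the hint w out of the authenticated transcript are this example's own assumptions, chosen so that the reconciliation bound can be checked by hand; they are not the paper's parameters, hash definitions or message formats, and they are far too small to be secure.

```python
"""Toy PAK-style three-pass PAKE over RLWE with the signal/Mod2 reconciliation of [19]."""
import hashlib
import secrets

N = 256               # R_Q = Z_Q[x] / (x^N + 1); toy size, not a secure parameter set
Q = 7681              # odd prime with Q = 1 (mod 4), which keeps the rounding analysis exact
HALF = (Q - 1) // 2   # shift applied by Mod2 when the hint bit is 1
QUARTER = Q // 4      # half-width of the interval where the signal bit is 0


def center(v):
    """Representative of v mod Q in [-(Q-1)/2, (Q-1)/2]."""
    v %= Q
    return v - Q if v > HALF else v

def poly_add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def poly_sub(f, g):
    return [(x - y) % Q for x, y in zip(f, g)]

def poly_mul(f, g):
    """Schoolbook product in R_Q; x^N = -1 folds the upper half back with a sign flip."""
    acc = [0] * (2 * N)
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                acc[i + j] += fi * gj
    return [(acc[i] - acc[i + N]) % Q for i in range(N)]

def sample_small(scale=1):
    """Ternary polynomial in {-1, 0, 1}^N times `scale` (scale=2 yields the 2e error terms)."""
    return [scale * (secrets.randbelow(3) - 1) for _ in range(N)]

def sig(v):
    """Signal (hint) bit of [19]: 0 if the centered value lies in [-Q//4, Q//4], else 1."""
    return 0 if abs(center(v)) <= QUARTER else 1

def mod2(v, w):
    """Mod2 of [19]: shift by w*(Q-1)/2, reduce to the centered range, keep the parity."""
    return center(v + w * HALF) % 2

def reconcile(k, hints):
    return bytes(mod2(v, w) for v, w in zip(k, hints))

def hash_to_ring(label, data):
    """Domain-separated SHAKE-128 expansion to an element of R_Q (plays the role of H1)."""
    stream = hashlib.shake_128(label + data).digest(2 * N)
    return [int.from_bytes(stream[2 * i:2 * i + 2], "big") % Q for i in range(N)]

def ring_bytes(f):
    return b"".join(c.to_bytes(2, "big") for c in f)

def h(tag, *parts):
    """Length-prefixed SHA-256 over transcript pieces; the tag separates H2, H3 and H4."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def transcript(cid, sid, m, beta, sigma, gamma):
    return (cid, sid, ring_bytes(m), ring_bytes(beta), sigma, ring_bytes(gamma))

def run_pake(a, client_id, server_id, client_pw, server_pw):
    """Run the exchange; return (client_key, server_key), with None for a side that aborts."""
    # Pass 1 (client -> server): alpha = a*s_c + 2e_c, masked by adding H1(pw) in R_Q.
    s_c = sample_small()
    alpha = poly_add(poly_mul(s_c, a), sample_small(2))
    gamma_c = hash_to_ring(b"H1", client_pw)
    m = poly_add(alpha, gamma_c)
    # Pass 2 (server -> client): unmask by subtraction (exact, thanks to the additive
    # structure), then beta = a*s_s + 2e_s, k_s = alpha*s_s + 2e'_s, hint w, authenticator k.
    gamma_s = hash_to_ring(b"H1", server_pw)
    alpha_s = poly_sub(m, gamma_s)                  # equals alpha iff the passwords agree
    s_s = sample_small()
    beta = poly_add(poly_mul(s_s, a), sample_small(2))
    k_s = poly_add(poly_mul(s_s, alpha_s), sample_small(2))
    w = [sig(v) for v in k_s]
    sigma_s = reconcile(k_s, w)
    t_s = transcript(client_id, server_id, m, beta, sigma_s, gamma_s)
    k_auth = h(b"H2", *t_s)
    # Pass 3 (client -> server): k_c = beta*s_c + 2e'_c differs from k_s by an even value of
    # magnitude at most 2(2N + 2) = 1028 < Q/4 - 2 (ternary noise), so Mod2 with w agrees.
    # The hint w travels in the clear and is not hashed into the authenticators here.
    k_c = poly_add(poly_mul(s_c, beta), sample_small(2))
    sigma_c = reconcile(k_c, w)
    t_c = transcript(client_id, server_id, m, beta, sigma_c, gamma_c)
    if not secrets.compare_digest(k_auth, h(b"H2", *t_c)):
        return None, None                           # server failed to authenticate: abort
    k_prime = h(b"H3", *t_c)
    client_sk = h(b"H4", *t_c)
    # The server accepts only after checking the client's authenticator k'.
    if not secrets.compare_digest(k_prime, h(b"H3", *t_s)):
        return client_sk, None
    return client_sk, h(b"H4", *t_s)
```

With matching passwords, `run_pake` returns two equal 32-byte keys on every run, because the worst-case reconciliation error is bounded and the hint bit selects the shift that keeps both sides on the same side of the wrap-around. With a wrong password the server's unmasking yields an unrelated ring element and its hash input differs from the client's, so the client rejects the server's authenticator and sends nothing further; that per-run failure is what confines an attacker to one password guess per online interaction.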

Notes

  1. Some impractical yet complexity-theoretically efficient protocols have been studied, for theoretical reasons. See, e.g., [25, 26, 43].

  2. In particular, they use universal hash proof systems [17] over complex languages.

  3. A CRS is essentially a publicly available string to which a secret trapdoor is theoretically associated, but never used by protocol participants. During a proof of security, the simulator gets access to this trapdoor.

  4. The ROM is one of them; another is the ideal cipher model, see [6].

  5. We purposefully excluded the hint w from the session identifier in order to avoid a trivial bit-flipping attack that makes the proof fail in theory, but otherwise leaves the protocol security unaffected.

References

  1. Abdalla, M., Benhamouda, F., MacKenzie, P.: Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy (2015)

  2. Abdalla, M., Benhamouda, F., Pointcheval, D.: Public-key encryption indistinguishable under plaintext-checkable attacks. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 332–352. Springer, Berlin (2015). doi:10.1007/978-3-662-46447-2_15

  3. Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335–351. Springer, Berlin (2008). doi:10.1007/978-3-540-79263-5_22

  4. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Berlin (2005). doi:10.1007/978-3-540-30580-4_6

  5. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange: a new hope. In: 25th USENIX Security Symposium, USENIX Security 16, pp. 327–343 (2016)

  6. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Berlin (2000). doi:10.1007/3-540-45539-6_11

  7. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Berlin (1994). doi:10.1007/3-540-48329-2_21

  8. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. ACM, New York (1993)

  9. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84, 4–6 May 1992

  10. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Berlin (2011). doi:10.1007/978-3-642-25385-0_3

  11. Bos, J., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)

  12. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 553–570. IEEE (2015)

  13. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Berlin (2000). doi:10.1007/3-540-45539-6_12

  14. Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer and Communications Security. ACM (2003)

  15. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Berlin (2004). doi:10.1007/978-3-540-24632-9_11

  16. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Berlin (2005). doi:10.1007/11426639_24

  17. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Berlin (2002). doi:10.1007/3-540-46035-7_4

  18. Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2, 107–125 (1992)

  19. Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012/688 (2012)

  20. Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 467–484. Springer, Berlin (2012). doi:10.1007/978-3-642-30057-8_28

  21. Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013, pp. 83–94. ACM, New York (2013)

  22. Gennaro, R.: Faster and shorter password-authenticated key exchange. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 589–606. Springer, Berlin (2008). doi:10.1007/978-3-540-78524-8_32

  23. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Berlin (2003). doi:10.1007/3-540-39200-9_33

  24. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC 2008, pp. 197–206. ACM, New York (2008)

  25. Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Berlin (2001). doi:10.1007/3-540-44647-8_24

  26. Goyal, V., Jain, A., Ostrovsky, R.: Password-authenticated session-key generation on the internet in the plain model. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 277–294. Springer, Berlin (2010). doi:10.1007/978-3-642-14623-7_15

  27. Groce, A., Katz, J.: A new framework for efficient password-based authenticated key exchange. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 516–525. ACM, New York (2010)

  28. Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2, 230–268 (1999)

  29. Hao, F., Ryan, P.: J-PAKE: authenticated key exchange without PKI. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science XI. LNCS, vol. 6480, pp. 192–206. Springer, Berlin (2010). doi:10.1007/978-3-642-17697-5_10

  30. Jablon, D.P.: Strong password-only authenticated key exchange. ACM SIGCOMM Comput. Commun. Rev. 5, 5–26 (1996)

  31. Jiang, S., Gong, G.: Password based key exchange with mutual authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 267–279. Springer, Berlin (2004). doi:10.1007/978-3-540-30564-4_19

  32. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Berlin (2001). doi:10.1007/3-540-44987-6_29

  33. Katz, J., Vaikuntanathan, V.: Smooth projective hashing and password-based authenticated key exchange from lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 636–652. Springer, Berlin (2009). doi:10.1007/978-3-642-10366-7_37

  34. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Berlin (2011). doi:10.1007/978-3-642-19571-6_18

  35. Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Berlin (2005). doi:10.1007/11535218_33

  36. Kwon, T.: Authentication and key agreement via memorable password. In: ISOC Network and Distributed System Security Symposium (2001)

  37. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Berlin (2011). doi:10.1007/978-3-642-19074-2_21

  38. Lucks, S.: Open key exchange: how to defeat dictionary attacks without encrypting public keys. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 79–90. Springer, Berlin (1998). doi:10.1007/BFb0028161

  39. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Berlin (2010). doi:10.1007/978-3-642-13190-5_1

  40. MacKenzie, P.: On the Security of the SPEKE Password-Authenticated Key Exchange Protocol. Cryptology ePrint Archive, Report 2001/057 (2001)

  41. MacKenzie, P.: The PAK Suite: Protocols for Password-Authenticated Key Exchange. DIMACS Technical report 2002-46 (2002). p. 7

  42. Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37, 267–302 (2007)

  43. Nguyen, M.-H., Vadhan, S.: Simpler session-key generation from short random passwords. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 428–445. Springer, Berlin (2004). doi:10.1007/978-3-540-24638-1_24

  44. NSA: Commercial national security algorithm suite (2015). https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

  45. Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197–219. Springer, Cham (2014). doi:10.1007/978-3-319-11659-4_12

  46. Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999)

  47. Unruh, D.: Quantum position verification in the random oracle model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 1–18. Springer, Berlin (2014). doi:10.1007/978-3-662-44381-1_1

  48. Unruh, D.: Revocable quantum timed-release encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 129–146. Springer, Berlin (2014). doi:10.1007/978-3-642-55220-5_8

  49. Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758–775. Springer, Berlin (2012). doi:10.1007/978-3-642-32009-5_44

  50. Zhang, J., Zhang, Z., Ding, J., Snook, M., Dagdelen, Ö.: Authenticated key exchange from ideal lattices. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 719–751. Springer, Berlin (2015). doi:10.1007/978-3-662-46803-6_24

Acknowledgments

Many thanks to the reviewers for their comments and Peter Ryan for the useful discussions. We would also like to thank the NSF for its partial support. Finally, the third author was supported by the National Research Fund, Luxembourg (CORE project aToMS and INTER project Sequoia).

Corresponding author

Correspondence to Jintai Ding.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ding, J., Alsayigh, S., Lancrenon, J., RV, S., Snook, M. (2017). Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World. In: Handschuh, H. (ed.) Topics in Cryptology – CT-RSA 2017. CT-RSA 2017. Lecture Notes in Computer Science, vol. 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_11

  • DOI: https://doi.org/10.1007/978-3-319-52153-4_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52152-7

  • Online ISBN: 978-3-319-52153-4
