A Generic Construction of Tightly Secure Password-Based Authenticated Key Exchange
Peer reviewed, Journal article
Accepted version
Permanent lenke
https://hdl.handle.net/11250/3115684Utgivelsesdato
2023Metadata
Vis full innførselSamlinger
- Institutt for matematiske fag [2440]
- Publikasjoner fra CRIStin - NTNU [38047]
Originalversjon
10.1007/978-981-99-8742-9_5Sammendrag
We propose a generic construction of password-based authenticated key exchange (PAKE) from key encapsulation mechanisms (KEM). Assuming that the KEM is oneway secure against plaintext-checkable attacks (OW-PCA), we prove that our PAKE protocol is tightly secure in the Bellare-Pointcheval-Rogaway model (EUROCRYPT 2000). Our tight security proofs require ideal ciphers and random oracles. The OW-PCA security is relatively weak and can be implemented tightly with the Diffie-Hellman assumption, which generalizes the work of Liu et al. (PKC 2023), and “almost” tightly with lattice-based assumptions, which tightens the security loss of the work of Beguinet et al. (ACNS 2023) and allows more efficient practical implementation with Kyber. Beyond these, it opens an opportunity of constructing tight PAKE based on various assumptions.