Paper 2020/848

On Composability of Game-based Password Authenticated Key Exchange

Marjan Škrobot and Jean Lancrenon

Abstract

It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that middle ground is possible in the case of authenticated key exchange that relies on Public- Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 2018 IEEE European Symposium on Security and Privacy (EuroS&P)
DOI
10.1109/EuroSP.2018.00038
Keywords
Password Authenticated Key ExchangeComposabilityComposition Theorem.
Contact author(s)
marjan skrobot @ gmail com
History
2020-07-12: received
Short URL
https://ia.cr/2020/848
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/848,
      author = {Marjan Škrobot and Jean Lancrenon},
      title = {On Composability of Game-based Password Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2020/848},
      year = {2020},
      doi = {10.1109/EuroSP.2018.00038},
      note = {\url{https://eprint.iacr.org/2020/848}},
      url = {https://eprint.iacr.org/2020/848}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.