GeT a CAKE: Generic Transformations from Key Encaspulation Mechanisms to Password Authenticated Key Exchanges

Hugo Beguinet; Céline Chevalier; David Pointcheval; Thomas Ricosset; Mélissa Rossi

Paper 2023/470

GeT a CAKE: Generic Transformations from Key Encaspulation Mechanisms to Password Authenticated Key Exchanges

Hugo Beguinet, École Normale Supérieure - PSL, French National Centre for Scientific Research, French Institute for Research in Computer Science and Automation, Thales (France)

Céline Chevalier, Pantheon-Sorbonne University, École Normale Supérieure - PSL, French National Centre for Scientific Research, French Institute for Research in Computer Science and Automation

David Pointcheval

, École Normale Supérieure - PSL, French National Centre for Scientific Research, French Institute for Research in Computer Science and Automation

Thomas Ricosset, Thales (France)

Mélissa Rossi, ANSSI

Abstract

Password Authenticated Key Exchange (PAKE) have become a key building block in many security products as they provide interesting efficiency/security trade-offs. Indeed, a PAKE allows to dispense with the heavy public key infrastructures and its efficiency and portability make it well suited for applications such as Internet of Things or e-passports. With the emerging quantum threat and the effervescent development of post-quantum public key algorithms in the last five years, one would wonder how to modify existing password authenticated key exchange protocols that currently rely on Diffie-Hellman problems in order to include newly introduced and soon-to-be-standardized post-quantum key encapsulation mechanisms (KEM). A generic solution is desirable for maintaining modularity and adaptability with the many post-quantum KEM that have been introduced. In this paper, we propose two new generic and natural constructions proven in the Universal Composability (UC) model to transform, in a black-box manner, a KEM into a PAKE with very limited performance overhead: one or two extra symmetric encryptions. Behind the simplicity of the designs, establishing security proofs in the UC model is actually non-trivial and requires some additional properties on the underlying KEM like fuzziness and anonymity. Luckily, post-quantum KEM protocols often enjoy these two extra properties. As a demonstration, we prove that it is possible to apply our transformations to Crystals-Kyber, a lattice-based post-quantum KEM that will soon be standardized by the National Institute of Standards and Technology (NIST). In a nutshell, this work opens up the possibility to securely include post-quantum cryptography in PAKE-based real-world protocols.

Note: Short revision on anonymity property.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. Minor revision. 21st International Conference on Applied Cryptography and Network Security (2023)
DOI: 10.1007/978-3-031-33491-7_19
Keywords: Key Encapsulation Mechanism Password-Authenticated Key Exchange Universal Composability
Contact author(s): hugo beguinet @ ens fr
celine chevalier @ ens fr
david pointcheval @ ens fr
thomas ricosset @ thalesgroup com
melissa rossi @ ens fr
History: 2024-01-22: revised; 2023-03-31: received; See all versions
Short URL: https://ia.cr/2023/470
License: CC BY

BibTeX

@misc{cryptoeprint:2023/470,
      author = {Hugo Beguinet and Céline Chevalier and David Pointcheval and Thomas Ricosset and Mélissa Rossi},
      title = {GeT a CAKE: Generic Transformations from Key Encaspulation Mechanisms to Password Authenticated Key Exchanges},
      howpublished = {Cryptology ePrint Archive, Paper 2023/470},
      year = {2023},
      doi = {10.1007/978-3-031-33491-7_19},
      note = {\url{https://eprint.iacr.org/2023/470}},
      url = {https://eprint.iacr.org/2023/470}
}