IND-PCA secure KEM is enough for password-based authenticated key exchange (short paper)

There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper...

Full description

Saved in:
Bibliographic Details
Main Authors: XUE, Haiyang, LI, Bao, LU, Xianhui
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2017
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/9191
https://ink.library.smu.edu.sg/context/sis_research/article/10196/viewcontent/ind_pca.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper, we show that IND-PCA secure key encapsulation mechanism (KEM) is enough for PAKE, which is weaker and easier to be constructed than IND-CCA secure encryption. Our refined PAKE consists of a smooth projective hash function on IND-CPA secure encryption and an IND-PCA secure KEM. Based on DDH assumption, the total communication of PAKE consists of 6 group elements and log⁡|D| (D is the set of password) bits, while before this, the most efficient PAKE contains 7 group elements.