IND-PCA secure KEM is enough for password-based authenticated key exchange (short paper)
There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9191 https://ink.library.smu.edu.sg/context/sis_research/article/10196/viewcontent/ind_pca.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper, we show that IND-PCA secure key encapsulation mechanism (KEM) is enough for PAKE, which is weaker and easier to be constructed than IND-CCA secure encryption. Our refined PAKE consists of a smooth projective hash function on IND-CPA secure encryption and an IND-PCA secure KEM. Based on DDH assumption, the total communication of PAKE consists of 6 group elements and log|D| (D is the set of password) bits, while before this, the most efficient PAKE contains 7 group elements. |
|---|