IND-PCA secure KEM is enough for password-based authenticated key exchange (short paper)
There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper...
Saved in:
Main Authors: | , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2017
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/9191 https://ink.library.smu.edu.sg/context/sis_research/article/10196/viewcontent/ind_pca.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
Summary: | There are several frameworks for password-based authenticated key exchange (PAKE) protocols with common reference string following the work of Katz, Ostrovsky and Yung (Eurocrypt’01), and it seems that the IND-CCA secure encryption is inevitable when constructing PAKE in standard model.In this paper, we show that IND-PCA secure key encapsulation mechanism (KEM) is enough for PAKE, which is weaker and easier to be constructed than IND-CCA secure encryption. Our refined PAKE consists of a smooth projective hash function on IND-CPA secure encryption and an IND-PCA secure KEM. Based on DDH assumption, the total communication of PAKE consists of 6 group elements and log|D| (D is the set of password) bits, while before this, the most efficient PAKE contains 7 group elements. |
---|