International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Efficient Asymmetric PAKE Compiler from KEM and AE

Authors:
You Lyu , Shanghai Jiao Tong University
Shengli Liu , Shanghai Jiao Tong University
Shuai Han , Shanghai Jiao Tong University
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2024
Abstract: Password Authenticated Key Exchange (PAKE) allows two parties to establish a secure session key with a shared low-entropy password $pw$. Asymmetric PAKE (aPAKE) extends PAKE in the client-server setting, and the server only stores a password file instead of the plain password so as to provide additional security guarantee when the server is compromised. In this paper, we propose a novel generic compiler from PAKE to aPAKE in the Universal Composable (UC) framework by making use of Key Encapsulation Mechanism (KEM) and Authenticated Encryption (AE). -- Our compiler admits efficient instantiations from lattice to yield lattice-based post-quantum secure aPAKE protocols. When instantiated with Kyber (the standardized KEM algorithm by the NIST), the performances of our compiler outperform other lattice-based compilers (Gentry et al. CRYPTO 2006) in all aspects, hence yielding the most efficient aPAKE compiler from lattice. In particular, when applying our compiler to the UC-secure PAKE schemes (Santos et al. EUROCRYPT 2023, Beguinet et al. ACNS 2023), we obtain the most efficient UC-secure aPAKE schemes from lattice. -- Moreover, the instantiation of our compiler from the tightly-secure matrix DDH (MDDH)-based KEM (Pan et al. CRYPTO 2023) can compile the tightly-secure PAKE scheme (Liu et al. PKC 2023) to a tightly-secure MDDH-based aPAKE, which serves as the first tightly UC-secure aPAKE scheme.
BibTeX
@inproceedings{asiacrypt-2024-34609,
  title={Efficient Asymmetric PAKE Compiler from KEM and AE},
  publisher={Springer-Verlag},
  author={You Lyu and Shengli Liu and Shuai Han},
  year=2024
}