CryptoDB
Efficient Asymmetric PAKE Compiler from KEM and AE
Authors: |
|
---|---|
Download: | |
Presentation: | Slides |
Conference: | ASIACRYPT 2024 |
Abstract: | Password Authenticated Key Exchange (PAKE) allows two parties to establish a secure session key with a shared low-entropy password $pw$. Asymmetric PAKE (aPAKE) extends PAKE in the client-server setting, and the server only stores a password file instead of the plain password so as to provide additional security guarantee when the server is compromised. In this paper, we propose a novel generic compiler from PAKE to aPAKE in the Universal Composable (UC) framework by making use of Key Encapsulation Mechanism (KEM) and Authenticated Encryption (AE). -- Our compiler admits efficient instantiations from lattice to yield lattice-based post-quantum secure aPAKE protocols. When instantiated with Kyber (the standardized KEM algorithm by the NIST), the performances of our compiler outperform other lattice-based compilers (Gentry et al. CRYPTO 2006) in all aspects, hence yielding the most efficient aPAKE compiler from lattice. In particular, when applying our compiler to the UC-secure PAKE schemes (Santos et al. EUROCRYPT 2023, Beguinet et al. ACNS 2023), we obtain the most efficient UC-secure aPAKE schemes from lattice. -- Moreover, the instantiation of our compiler from the tightly-secure matrix DDH (MDDH)-based KEM (Pan et al. CRYPTO 2023) can compile the tightly-secure PAKE scheme (Liu et al. PKC 2023) to a tightly-secure MDDH-based aPAKE, which serves as the first tightly UC-secure aPAKE scheme. |
BibTeX
@inproceedings{asiacrypt-2024-34609, title={Efficient Asymmetric PAKE Compiler from KEM and AE}, publisher={Springer-Verlag}, author={You Lyu and Shengli Liu and Shuai Han}, year=2024 }