International Association for Cryptologic Research

CryptoDB

Permutation-Based Hash Chains with Application to Password Hashing

Authors:
Charlotte Lefevre
Bart Mennink
DOI: 10.46586/tosc.v2024.i4.249-286
URL: https://tosc.iacr.org/index.php/ToSC/article/view/11955
Abstract: Hash-chain-based password systems are a useful way to guarantee authentication with one-time passwords. The core idea dates back to Lamport and is specified in RFC 1760 as S/Key. At CCS 2017, Kogan et al. introduced T/Key, an improved password system in which one-time passwords are only valid for a limited time period. They proved the security of their construction in the random oracle model under a basic modeling of the adversary. In this work, we make various advances in the analysis and instantiation of hash-chain-based password systems. Firstly, we describe a slight abstraction called U/Key that allows for more flexibility in the instantiation and analysis, and we develop a security model that refines the adversarial strength into offline and online complexity, that can be used beyond the random oracle model, and that allows one to argue multi-user security directly. Secondly, we derive a new security proof of U/Key in the random oracle model, as well as dedicated and tighter security proofs of U/Key instantiated with a sponge construction and with a truncated permutation. These dedicated security proofs, in turn, solve a problem of understanding the preimage resistance of a cascaded evaluation of the sponge construction. When applied to T/Key, these results improve significantly over the earlier results: whereas the originally suggested instantiation using SHA-256 uses a compression function that maps 768 bits into 256 bits, with a truncated permutation construction one can generically achieve 128 bits of security already with a permutation of size 256 bits.
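To make the Lamport/S-Key mechanism the abstract builds on concrete, the following is an added illustration, not code from the paper and not the U/Key construction: a hash chain of length n is built from a secret seed, the server stores only the chain tip H^n(seed), and the one-time password for slot t is H^(n-t)(seed). The server verifies a candidate by hashing it forward to the stored tip, which also lets it skip unused slots (the time-slot view T/Key takes), and rejects replays and out-of-order values. SHA-256 stands in for the generic one-way function; the names ChainClient, ChainServer and the slot counter are assumptions for this example.

```python
import hashlib
import hmac
import os


def hash_step(x: bytes) -> bytes:
    """One link of the chain: a generic one-way function (SHA-256 chosen here)."""
    return hashlib.sha256(x).digest()


def iterate(x: bytes, times: int) -> bytes:
    """H^times(x): apply the one-way function 'times' times."""
    for _ in range(times):
        x = hash_step(x)
    return x


class ChainClient:
    """Holds the secret seed; the OTP for slot t is H^(n-t)(seed), 1 <= t <= n."""

    def __init__(self, seed: bytes, length: int):
        self.seed = seed
        self.n = length

    def enrollment_tip(self) -> bytes:
        """Public value handed to the server at enrollment: H^n(seed)."""
        return iterate(self.seed, self.n)

    def otp_for_slot(self, t: int) -> bytes:
        if not 1 <= t <= self.n:
            raise ValueError("slot out of range")
        return iterate(self.seed, self.n - t)


class ChainServer:
    """Stores only the current chain tip and the last slot it accepted."""

    def __init__(self, tip: bytes, length: int):
        self.tip = tip
        self.n = length
        self.last_slot = 0

    def verify(self, t: int, otp: bytes) -> bool:
        # Replay, out-of-order use, or an exhausted chain are rejected up front.
        if not self.last_slot < t <= self.n:
            return False
        # Hash the candidate forward (t - last_slot) steps; it must land on the tip.
        # Skipped slots are consumed implicitly, so they can never be used later.
        if not hmac.compare_digest(iterate(otp, t - self.last_slot), self.tip):
            return False
        self.tip = otp          # the accepted OTP becomes the new tip
        self.last_slot = t
        return True


def demo() -> list:
    """Walk through a chain of length 5 and return the accept/reject decisions."""
    seed = os.urandom(32)                       # constructed secret for the example
    client = ChainClient(seed, 5)
    server = ChainServer(client.enrollment_tip(), 5)
    return [
        server.verify(1, client.otp_for_slot(1)),   # True: first slot
        server.verify(1, client.otp_for_slot(1)),   # False: replay of a used OTP
        server.verify(3, client.otp_for_slot(3)),   # True: slot 2 skipped, server catches up
        server.verify(2, client.otp_for_slot(2)),   # False: slot already passed
        server.verify(5, client.otp_for_slot(5)),   # True: last slot reveals the seed itself
        server.verify(6, b"\x00" * 32),             # False: chain exhausted
    ]


if __name__ == "__main__":
    print(demo())
```

An eavesdropper who sees the slot-t value H^(n-t)(seed) would need a preimage of the one-way function to forge the slot-(t+1) value, which is exactly the preimage-resistance question the paper studies for sponge and truncated-permutation instantiations of the chain.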
BibTeX
@article{tosc-2024-34893,
  title={Permutation-Based Hash Chains with Application to Password Hashing},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2024},
  pages={249-286},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/11955},
  doi={10.46586/tosc.v2024.i4.249-286},
  author={Charlotte Lefevre and Bart Mennink},
  year=2024
}