International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 05 March 2023

Michael Rosenberg
ePrint Report ePrint Report
In a recent work, Cremers, Naor, Paz, and Ronen (CRYPTO '22) point out the problem of catastrophic impersonation in balanced password authenticated key exchange protocols (PAKEs). Namely, in a balanced PAKE, when a single party is compromised, the attacker learns the password and can subsequently impersonate anyone to anyone using the same password. The authors of the work present two solutions to this issue: CHIP, an identity-binding PAKE (iPAKE), and CRISP, a strong identity-binding PAKE (siPAKE). These constructions prevent the impersonation attack by generating a secret key on setup that is inextricably tied to the party's identity, and then deleting the password. Thus, upon compromise, all an attacker can immediately do is impersonate the victim. The strong variant goes further, preventing attackers from performing any precomputation before the compromise occurs.

In this work we present LATKE, an iPAKE from lattice assumptions in the random oracle model. In order to achieve security and correctness, we must make changes to CHIP's primitives, security models, and protocol structure.
Expand

Additional news items may be found on the IACR news page.