
GeT a CAKE: Generic Transformations from Key Encapsulation Mechanisms to Password Authenticated Key Exchanges. (English) Zbl 1542.94148

Tibouchi, Mehdi (ed.) et al., Applied cryptography and network security. 21st international conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023. Proceedings. Part II. Cham: Springer. Lect. Notes Comput. Sci. 13906, 516-538 (2023).
Summary: Password Authenticated Key Exchanges (PAKEs) have become a key building block in many security products, as they provide an interesting efficiency/security trade-off. Indeed, a PAKE makes it possible to dispense with heavy public key infrastructure, and its efficiency and portability make it well suited for applications such as the Internet of Things or e-passports. With the emerging quantum threat and the effervescent development of post-quantum public key algorithms in the last five years, one would wonder how to modify existing password authenticated key exchange protocols, which currently rely on Diffie-Hellman problems, in order to include the newly introduced and soon-to-be-standardized post-quantum key encapsulation mechanisms \((\mathsf{KEM})\). A generic solution is desirable for maintaining modularity and adaptability with the many post-quantum \(\mathsf{KEM}\)s that have been introduced.
In this paper, we propose two new generic and natural constructions, proven in the Universal Composability (UC) model, that transform a \(\mathsf{KEM}\) into a PAKE in a black-box manner with very limited performance overhead: one or two extra symmetric encryptions. Behind the simplicity of the designs, establishing security proofs in the UC model is actually non-trivial and requires some additional properties of the underlying \(\mathsf{KEM}\), such as fuzziness and anonymity. Luckily, post-quantum \(\mathsf{KEM}\) protocols often enjoy these two extra properties. As a demonstration, we prove that it is possible to apply our transformations to CRYSTALS-Kyber, a lattice-based post-quantum \(\mathsf{KEM}\) that will soon be standardized by the National Institute of Standards and Technology (NIST). In a nutshell, this work opens up the possibility of securely including post-quantum cryptography in PAKE-based real-world protocols.
For the entire collection see [Zbl 1523.94004].
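The two-encryption transformation the summary describes, as an added illustration rather than code from the paper: the initiator encrypts a fresh KEM public key under the password, the responder decrypts it, encapsulates, and encrypts the KEM ciphertext under the password, and both sides derive the session key from the transcript and the encapsulated key. The KEM is a toy hashed Diffie-Hellman stand-in and the password cipher is a SHAKE-256 keystream standing in for the ideal cipher of the proof; both, and the exact key-derivation input, are assumptions made so the sketch runs on the Python standard library.

```python
import hashlib
import secrets

# Toy KEM (assumption): hashed Diffie-Hellman mod p = 2^255 - 19, generator 2.
# Not secure parameters; the transform below uses it only as a black box,
# exactly as a post-quantum KEM such as Kyber would be plugged in.
P = 2**255 - 19
G = 2
NBYTES = 32

def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P).to_bytes(NBYTES, "big"), sk

def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P).to_bytes(NBYTES, "big")
    shared = pow(int.from_bytes(pk, "big"), r, P).to_bytes(NBYTES, "big")
    return ct, hashlib.sha256(shared).digest()

def kem_decaps(sk, ct):
    shared = pow(int.from_bytes(ct, "big"), sk, P).to_bytes(NBYTES, "big")
    return hashlib.sha256(shared).digest()

# Ideal-cipher stand-in (assumption): XOR with a password-derived keystream.
# An offline password guess stays unproductive only if the plaintext (pk or
# ct) looks uniformly random, which is the fuzziness/anonymity the paper needs.
def pw_encrypt(password, label, data):
    ks = hashlib.shake_256(label + b"|" + password).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

pw_decrypt = pw_encrypt  # XOR with the same keystream is the inverse

def session_key(sid, epk, ect, k):
    # Bind the key to the session id and both password-encrypted messages.
    return hashlib.sha256(b"CAKE|" + sid + b"|" + epk + b"|" + ect + b"|" + k).digest()

def cake(pw_alice, pw_bob, sid=b"session-1"):
    """Run the two-encryption transform; return (alice_key, bob_key)."""
    pk, sk = kem_keygen()                       # Alice: fresh KEM key pair
    epk = pw_encrypt(pw_alice, b"pk", pk)       # first extra encryption
    pk_b = pw_decrypt(pw_bob, b"pk", epk)       # Bob recovers pk (if pw matches)
    ct, k_bob = kem_encaps(pk_b)
    ect = pw_encrypt(pw_bob, b"ct", ct)         # second extra encryption
    ct_a = pw_decrypt(pw_alice, b"ct", ect)     # Alice recovers ct
    k_alice = kem_decaps(sk, ct_a)
    return session_key(sid, epk, ect, k_alice), session_key(sid, epk, ect, k_bob)
```

With matching passwords both keys agree; with a wrong password one side decrypts to a random-looking string and the keys diverge, without the transcript revealing which guess was wrong.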

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
81P94 Quantum cryptography (quantum-theoretic aspects)
