Advanced password-authenticated key exchanges

Pierre-Alain Dupont 1, 2
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
Inria de Paris, CNRS - Centre National de la Recherche Scientifique : UMR 8548, DI-ENS - Département d'informatique de l'École normale supérieure
Abstract : Authenticated key exchange is probably the most widely deployed asymmetric cryptographic primitive, notably because of its inclusion in the TLS protocol. Its cousin, password-authenticated key exchange — where the authentication is done using a low-entropy password — has also been studied extensively but has been much less used in practice. It is, however, a primitive much closer to actual authentication when at least one party is human. In this thesis, we consider advanced primitives based on password-authenticated key exchange, with an eye toward practical applications. Specifically, we introduce fuzzy password-authenticated key exchange, where the authentication succeeds as long as the two passwords are close enough, and not necessarily equal. We provide a security model in the UC framework, as well as a construction based on regular password-authenticated key exchanges and robust secret-sharing schemes. Secondly, we consider the practical problem of password leakage when taking into account sessions conducted on a corrupted device. As there is intrinsically no hope with regular password authentication, we extend the BPR security model to consider low-entropy challenge responses instead. We then provide several instantiations, some based on human-compatible function families, where the operations required to answer the challenge are simple enough to be conducted in one’s head, allowing the actual authentication to be directly performed by the human being.
Contributor : Pierre-Alain Dupont
Submitted on : Wednesday, September 5, 2018 - 10:01:45 PM
Last modification on : Wednesday, January 30, 2019 - 11:08:07 AM
Long-term archiving on : Thursday, December 6, 2018 - 5:56:02 PM




  • HAL Id : tel-01868828, version 1



Pierre-Alain Dupont. Advanced password-authenticated key exchanges. Cryptography and Security [cs.CR]. PSL Research University, 2018. English. ⟨tel-01868828⟩


