Key Exchange in the Post-Snowden Era: Universally Composable Subversion-Resilient PAKE / Chakraborty, Suvradip; Magliocco, Lorenzo; Magri, Bernardo; Venturi, Daniele. - 15488:(2024), pp. 101-133. (Paper presented at the International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT), held in Kolkata, India) [10.1007/978-981-96-0935-2_4].

Key Exchange in the Post-Snowden Era: Universally Composable Subversion-Resilient PAKE

Magliocco, Lorenzo; Magri, Bernardo; Venturi, Daniele
2024

Abstract

Password-Authenticated Key Exchange (PAKE) allows two parties to establish a common high-entropy secret from a possibly low-entropy pre-shared secret such as a password. In this work, we provide the first PAKE protocol with subversion resilience in the framework of universal composability (UC), where the latter roughly means that UC security still holds even if one of the two parties is malicious and the honest party's code has been subverted (in an undetectable manner). We achieve this result by sanitizing the PAKE protocol from oblivious transfer (OT) due to Canetti et al. (PKC'12) via cryptographic reverse firewalls in the UC framework (Chakraborty et al., EUROCRYPT'22). This requires new techniques, which help us uncover new cryptographic primitives with sanitation-friendly properties along the way (such as OT, dual-mode cryptosystems, and signature schemes). As an additional contribution, we delve deeper in the backbone of communication required in the subversion-resilient UC framework, extending it to the unauthenticated setting, in line with the work of Barak et al. (CRYPTO'05).
International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT)
PAKE; subversion resilience; universal composability
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item

File: Chakraborty_Key-Exchange_2024.pdf
Access: open access
Note: https://link.springer.com/content/pdf/10.1007/978-981-96-0935-2_4.pdf?pdf=inline
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 609.1 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1729806