Litcius/Paper detail

Quantum-Safe Round-Optimal Password Authentication for Mobile Devices

Zengpeng Li, Ding Wang, Eduardo Morais

2020IEEE Transactions on Dependable and Secure Computing90 citationsDOI

Abstract

Password authentication is the dominant form of access control for the Web and mobile devices, and its practicality and ubiquity is unlikely to be replaced by other authentication approaches in the foreseeable future. To guarantee the security of data communication and mitigate the problem of password-cracking, a <i>Password Authenticated Key Exchange</i> ( <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> ) system can be deployed between two peer participants. The main drawback of traditional <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> is that passwords are exposed in plaintext when the remote server is compromised. To overcome this limitation, it is recommended by industry standards (such as SRP family RFC 5054, RFC6628, RFC7914, OPAQUE, <i>etc</i> ) to use <i>asymmetric</i> - <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> protocols, which enable the server to store a hash of the user's password with a random salt, providing guarantees that the user's password is never transmitted in plain-text to the server when login. However, most of the existing <i>asymmetric</i> - <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> protocols either are based on traditional hash functions under random oracles, or depend on non-quantum-secure hardness assumptions and become insecure in the quantum era. To bridge the gap between <i>asymmetric</i> - <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> and quantum-security, in this article, we resort to <i>smooth projective hash functions</i> ( <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math></inline-formula> ) and <i>commitment</i> -based <i>password-hashing schemes</i> ( <inline-formula><tex-math notation="LaTeX">$\mathsf {PHS}$</tex-math></inline-formula> ) over lattice-based cryptography, and construct an asymmetric <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> protocol secure against quantum attacks. Our construction eliminates the costly non-interactive zero-knowledge (NIZK) method, bypasses assumptions of the random oracle model, and achieves quantum resistance. We also show that our asymmetric- <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math></inline-formula> protocol can achieve security and efficiency under the Bellare-Pointcheval-Rogaway (BPR) model. Finally, we develop a prototype implementation of our instantiation and use it to evaluate its performance in realistic settings.

Topics & Concepts

PasswordHash functionComputer scienceTheoretical computer scienceAuthentication (law)Cryptographic hash functionNotationComputer securityDiscrete mathematicsMathematicsArithmeticUser Authentication and Security SystemsAdvanced Authentication Protocols SecurityCryptography and Data Security