On Composability of Game-Based Password Authenticated Key Exchange
Title | On Composability of Game-Based Password Authenticated Key Exchange |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Skrobot, Marjan, Lancrenon, Jean |
Conference Name | 2018 IEEE European Symposium on Security and Privacy (EuroS P) |
ISBN Number | 978-1-5386-4228-3 |
Keywords | composability, Composition Theorem., Computational modeling, cryptographic protocols, cryptography, data payload encryption, find-then-guess model, FtG model, game theory, game-based models, game-based password authenticated key exchange protocols, game-based real-or-random definition, Games, higher-level applications, higher-level SKPs, message authentication, PAKE protocols, password, Password Authenticated Key Exchange, PKI, practical interest, Protocols, provably secure PAKEs, pubcrawl, public key cryptography, public-key infrastructure, Secret key, secure channels, secure composition guarantees, simulation models, Standards, Symmetric Key Protocol, telecommunication security, weak forward secrecy |
Abstract | It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which - unlike simulation models - do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that a middle ground is possible in the case of authenticated key exchange that relies on Public-Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels. |
URL | https://ieeexplore.ieee.org/document/8406616 |
DOI | 10.1109/EuroSP.2018.00038 |
Citation Key | skrobot_composability_2018 |
- Secret key
- Password Authenticated Key Exchange
- PKI
- practical interest
- Protocols
- provably secure PAKEs
- pubcrawl
- public key cryptography
- public-key infrastructure
- password
- secure channels
- secure composition guarantees
- simulation models
- standards
- Symmetric Key Protocol
- telecommunication security
- weak forward secrecy
- game-based models
- Composition Theorem.
- Computational modeling
- Cryptographic Protocols
- Cryptography
- data payload encryption
- find-then-guess model
- FtG model
- game theory
- composability
- game-based password authenticated key exchange protocols
- game-based real-or-random definition
- Games
- higher-level applications
- higher-level SKPs
- message authentication
- PAKE protocols