Post-Quantum Secure Remote Password Protocol from RLWE Problem

  • Xinwei Gao, Jintai Ding, Jiqiang Liu, Lin Li
The Secure Remote Password (SRP) protocol is an augmented Password-based Authenticated Key Exchange (PAKE) protocol based on the discrete logarithm problem (DLP) with various attractive security features. Compared with basic PAKE protocols, SRP does not require the server to store the user's password, and the user does not send the password to the server to authenticate. These features are desirable for secure client-server applications. SRP has gained extensive real-world deployment, including Apple iCloud, 1Password etc…
A Comparison of the Password-Authenticated Key Exchange Protocols, SRP-6a and PAKE2+
This report looks at both the theoretical and practical aspects of the PAKE protocols SRP-6a and PAKE2+ from a business perspective, and indicates that SRP-6a is likely the more viable alternative for businesses today.
Design and Implementation of Constant-Round Dynamic Group Key Exchange from RLWE
This work designs yet another quantum-resistant constant-round group key exchange (GKE) from lattices that requires no trusted authority, building on the construction of Apon et al.
Practical Randomized RLWE-Based Key Exchange Against Signal Leakage Attack
A new randomized RLWE-based key exchange protocol is constructed that incorporates an additional ephemeral public error term into key exchange materials, so that an efficient attack against reconciliation-based RLWE key exchange protocols with reused keys no longer works.
SoK: Password-Authenticated Key Exchange - Theory, Practice, Standardization and Real-World Lessons
A thorough and systematic review of the field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols, and a comparative analysis of protocol performance using representative schemes from each taxonomy category are provided.
Constant-round Dynamic Group Key Exchange from RLWE Assumption
A novel lattice-based group key exchange protocol with dynamic membership constructed by generalizing Dutta-Barua protocol to RLWE setting, inspired by Apon et al.
Implementation of Tree-based Dynamic Group Key Exchange with NewHope
This paper implements what is, to the best of the authors' knowledge of the open literature, the first lattice-based GKE in a dynamic setting with a tree structure, adopting the NewHope protocol as a building block.
Analysis of Two Countermeasures against the Signal Leakage Attack
In 2017, a practical attack against reconciliation-based RLWE key exchange protocols was proposed, which can recover a long-term private key if a key pair is reused.
Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World
Two lattice-based PAKE protocols are constructed that rely on the Ring-Learning-with-Errors (RLWE) assumption and exploit the additive structure of the underlying ring; they are believed to be suitable quantum-safe replacements for \(\mathsf{PAK}\) and \(\mathsf{PPK}\).
Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman
This work presents a new protocol called PAK, which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries.
Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem
This work demonstrates the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, and accompanies these cipher suites with a rigorous proof of security.
Simple Password-Based Encrypted Key Exchange Protocols
This paper presents two simple password-based encrypted key exchange protocols based on that of Bellovin and Merritt, and one of them is more suitable to scenarios in which the password is shared across several servers, while the other enjoys better security properties.
Password Authenticated Key Exchange by Juggling
  • F. Hao, P. Ryan
  • Computer Science, Mathematics
    Security Protocols Workshop
  • 2008
The J-PAKE protocol achieves mutual authentication in two steps: first, the two parties send ephemeral public keys to each other; second, they encrypt the shared password by juggling the public keys in a verifiable way. The protocol is zero-knowledge in that it reveals nothing except one bit of information: whether the passwords supplied at the two sides are the same.
Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices
This work describes a public-key encryption scheme based on lattices that is secure against chosen-ciphertext attacks while admitting (a variant of) smooth projective hashing and obtains the first PAKE protocol whose security relies on a lattice-based assumption.
The Secure Remote Password Protocol
This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.
HMQV: A High-Performance Secure Diffie-Hellman Protocol
HMQV is presented, a carefully designed variant of MQV that provides the same superb performance and functionality as the original protocol, but for which all of MQV's security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption.
Encrypted key exchange: password-based protocols secure against dictionary attacks
  • S. Bellovin, Michael Merritt
  • Computer Science, Mathematics
    Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1992
A combination of asymmetric (public-key) and symmetric (secret-key) cryptography is introduced that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network.
FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes
A model and a definition for forward-secure authenticated key exchange (AKE) protocols are suggested that can be satisfied without depending on the Diffie-Hellman assumption, and a protocol, called FORSAKES, is introduced.