# Tightly-Secure PAK(E)

@article{Becerra2017TightlySecureP, title={Tightly-Secure PAK(E)}, author={Jos{\'e} Becerra and Vincenzo Iovino and Dimiter Ostrev and Petra Sala and Marjan Skrobot}, journal={IACR Cryptol. ePrint Arch.}, year={2017}, volume={2017}, pages={1045} }

We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete security. Our proof is the first to show that the PAK protocol can provide meaningful security guarantees for values of the parameters typical in today’s world.

## 2 Citations

### Forward Secrecy of SPAKE 2

- Computer Science, Mathematics
- 2018

This work proves that the SPAKE2 protocol satisfies the so-called weak forward secrecy introduced by Krawczyk (CRYPTO 2005), and demonstrates that the incorporation of key-confirmation codes in SPAke2 results in a protocol that provably satisfies the stronger notion of perfect forward secrecy.

### Two-Round PAKE Protocol over Lattices Without NIZK

- Computer Science, MathematicsInscrypt
- 2018

This paper proposes the first two-round PAKE protocol over lattices without NIZK, which is in accordance with the framework of Abdalla et al. (PKC’15) while attaining post-quantum security.

## References

SHOWING 1-10 OF 34 REFERENCES

### More Efficient Password-Authenticated Key Exchange

- Computer Science, MathematicsCT-RSA
- 2001

A version of PAK is shown that is provably secure against server compromise but is conceptually much simpler than the PAK-X protocol and modified for use over elliptic curve and XTR groups, allowing greater efficiency compared to running PAK over a subgroup of Zp.

### Short Signatures from the Weil Pairing

- Computer Science, MathematicsJournal of Cryptology
- 2004

A short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves is introduced for systems where signatures are typed in by a human or are sent over a low-bandwidth channel.

### Practice-Oriented Provable Security

- Computer ScienceLectures on Data Security
- 1998

This short article is intended to complement my talk on practice-oriented provable-security, a fruitful blend of theory and practice that is able to enrich both sides and has by now had some impact on real world security.

### The First Collision for Full SHA-1

- Computer Science, MathematicsCRYPTO
- 2017

SHA-1 is a widely used 1995 NIST cryptographic hash function standard that was officially deprecated by NIST in 2011 due to fundamental security weaknesses demonstrated in various analyses and…

### The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes

- Mathematics, Computer SciencePublic Key Cryptography
- 2001

This paper shows the relationship among inverting problems, decision problems and gap problems, and sees how the gap problems find natural applications in cryptography, namely for proving the security of very efficients and for solving a more than 10-year old open security problem: the Chaum's undeniable signature.

### On the Provable Security of the Dragonfly Protocol

- Computer Science, MathematicsISC
- 2015

This paper proves the security of a very close variant of Dragonfly in the random oracle model, which shows in particular that Dragonfly's main flows - a kind of Diffie-Hellman variation with a password-derived base - are sound.

### On the Relation Between SIM and IND-RoR Security Models for PAKEs

- Computer Science, MathematicsSECRYPT
- 2017

This work proves that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND- RoR security from Abdalla et al (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM- BMP security.

### Separating Decision Diffie–Hellman from Computational Diffie–Hellman in Cryptographic Groups

- Mathematics, Computer ScienceJournal of Cryptology
- 2003

This paper construct concrete examples of groups where the stronger hypothesis, hardness of the decision Diffie–Hellman problem no longer holds, while the weaker hypothesis is equivalent to the hardness ofThe discrete logarithm problem and still seems to be a reasonable hypothesis.

### HMQV: A High-Performance Secure Diffie-Hellman Protocol

- Computer Science, MathematicsCRYPTO
- 2005

HMQV is presented, a carefully designed variant of MQV that provides the same superb performance and functionality of the original protocol but for which all the MqV's security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption.

### One-Time Verifier-Based Encrypted Key Exchange

- Computer SciencePublic Key Cryptography
- 2005

This paper addresses the void in AuthA by first proving that it achieves the notion of forward-secrecy in a provably-secure way, and then modifying it in such a way that it is secure against attacks using captured user passwords or server data.