Zero-Knowledge Password Policy Checks and Verifier-Based PAKE

  title={Zero-Knowledge Password Policy Checks and Verifier-Based PAKE},
  author={Franziskus Kiefer and Mark Manulis},
Zero-Knowledge Password Policy Checks (ZKPPC), introduced in this work, enable blind registration of client passwords at remote servers, i.e., client passwords are never transmitted to the servers. This eliminates the need for trusting servers to securely process and store client passwords. A ZKPPC protocol, executed as part of the registration procedure, allows clients to further prove compliance of chosen passwords with respect to password policies defined by the servers. The main benefit of… CONTINUE READING
Highly Cited
This paper has 17 citations. REVIEW CITATIONS


Publications citing this paper.
Showing 1-10 of 11 extracted citations

VTBPEKE: Verifier-based Two-Basis Password Exponential Key Exchange

View 4 Excerpts
Method Support
Highly Influenced

Zero-Knowledge Password Policy Check from Lattices

IACR Cryptology ePrint Archive • 2017
View 7 Excerpts
Highly Influenced

Blind Password Registration for Verifier-based PAKE

AsiaPKC@AsiaCCS • 2016
View 10 Excerpts
Method Support
Highly Influenced

Secure Set-based Policy Checking and Its Application to Password Registration

IACR Cryptology ePrint Archive • 2015
View 8 Excerpts
Highly Influenced


Publications referenced by this paper.
Showing 1-10 of 22 references

Hack of Cupid Media dating website exposes 42 million plaintext passwords

Dan Goodin, • 2014
View 1 Excerpt

Microsoft India store down after hackers take user data

Thomson Reuters
http: //, • 2014
View 1 Excerpt

RockYou Hack: From Bad To Worse

Nik Cubrilovic 2009/12/14/rockyou-hack-security-myspace-facebook-passwords/, • 2014
View 1 Excerpt

and L

M. S. Turan, E. Barker, W. Burr
Chen. Recommendation for passwordbased key derivation. NIST Special Publication 800-132, • 2010
View 2 Excerpts