Pseudorandom signatures

Fleischhacker, Nils; Günther, Felix; Kiefer, Franziskus; Manulis, Mark; Poettering, Bertram

doi:10.1145/2484313.2484325

Cited by 3 publications

(3 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to enable encoding of PAKE messages using IHME with passwords as indices we apply our second building block, namely admissible encoding [19,21,29]. Briefly, a function F : S → R is an -admissible encoding for (S, R) with |S| > |R| when for all uniformly distributed r ∈ R, the distribution of the inverse transformation I F (r) is -statistically indistinguishable from the uniform distribution over S. We refer to [21,29] or Appendix A for more details.…”

Section: Transforming Pake Protocols Into O-pakementioning

confidence: 99%

“…Briefly, a function F : S → R is an -admissible encoding for (S, R) with |S| > |R| when for all uniformly distributed r ∈ R, the distribution of the inverse transformation I F (r) is -statistically indistinguishable from the uniform distribution over S. We refer to [21,29] or Appendix A for more details. I F enables us to map PAKE messages into the IHME message space where necessary.…”

Section: Transforming Pake Protocols Into O-pakementioning

confidence: 99%

“…we use the inverse of encoding (3) : 1) : Z q → G and I F (3,1) follows the specification from [29,Lemma 12] with prime |q | = (λ) > 2|N | to meet IHME requirements.…”

Section: Fig 2: Oblivious Spake (O-spake)mentioning

confidence: 99%

See 2 more Smart Citations

Oblivious PAKE: Efficient Handling of Password Trials

Kiefer

Manulis

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a subset of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasise that no information about any password, input by the client, is made available to the server. O-PAKE protocols can be used to improve the overall efficiency of login attempts using PAKE protocols in scenarios where users are not sure (e.g. no longer remember) which of their passwords has been used at a particular web server. Using special processing techniques, our O-PAKE compiler reaches nearly constant run time on the server side, independent of the size of the client's password set; in contrast, a naive approach to run a new PAKE session for each login attempt would require linear run time for both parties. We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs. We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give two concrete O-PAKE instantiation.

show abstract