Universally Composable Two-Server PAKE

Kiefer, Franziskus; Manulis, Mark

doi:10.1007/978-3-319-45871-7_10

Cited by 5 publications

(2 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Amongst the core security properties of PASE, there is a need to guarantee that only the legitimate user, who knows the password, can outsource, search and retrieve data. Hence, basing security of searchable encryption schemes on passwords introduces the need for a distributed server environment where trust is spread across at least two non-colluding servers, as is also the case in many password-based protocols for authentication and secret sharing, e.g., [4,[12][13][14][26][27][28]30,31,40]. The use of two servers provides the most practical scenario and the minimum requirement to achieve protection against offline dictionary attacks, while a more general secret sharing architecture with t-out-of-n servers would be applicable as well.…”

Section: Password-authenticated Searchable Encryption (Pase)mentioning

confidence: 99%

Password-authenticated searchable encryption

Chen

Huang

Manulis

et al. 2020

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

We introduce Password Authenticated Searchable Encryption (PASE), a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user’s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting those security we prove in the standard model under the Decisional Diffie–Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.

show abstract

Section: Password-authenticated Searchable Encryption (Pase)mentioning

confidence: 99%

Password-authenticated searchable encryption

Chen

Huang

Manulis

et al. 2020

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Even in relatively new standards, such as TLS 1.3 [1], certificate-based cipher suites remains significant. Theoretical frameworks for evaluating protocol security, such as extensions of the Bellare-Rogaway model (BR) [2], eCK model [3] and universal composability (UC) [4], are usually used while assuming the existence of certificate-based public key infrastructure (PKI) [5,6].…”

Section: Introductionmentioning

confidence: 99%

Practical Certificate-Less Infrastructure with Application in TLS

Duan,

Li,

Liao

2023

Cryptography

View full text Add to dashboard Cite

We propose highly efficient certificate-less (CL) protocols for the infrastructure used by authenticated key exchange (AKE). The construction is based on elliptic curves (EC) without pairing, which means it can be easily supported by most industrial cryptography libraries on constrained devices. Compared with other pairing-free CL solutions, the new CL-AKE protocol enjoys the least number of scalar multiplications over EC groups. We use a unified game-based model to formalize the security of each protocol, while most previous works only assess the security against a list of attacks, provide informal theorems without proper modeling, or use separate models for protocols in different stages. We also present an efficient integration of the core protocols into the TLS cipher suites and a stand-alone implementation for constrained devices. The performance is evaluated on constrained devices in real-world settings, which further confirms the efficiency of our proposal.

show abstract

Password Authenticated Key Exchange

Jarecki¹

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Universally Composable Two-Server PAKE

Cited by 5 publications

References 36 publications

Password-authenticated searchable encryption

Password-authenticated searchable encryption

Practical Certificate-Less Infrastructure with Application in TLS

Password Authenticated Key Exchange

Contact Info

Product

Resources

About