Practical Threshold Multi-Factor Authentication

Multi-factor authentication (MFA) has been widely used to safeguard high-value assets. Unlike single-factor (e.g., password-only login), t-factor ( tFA) requires a user always carry and present t specified factors so as strengthen the security of login. Nevertheless, this may restrict experience in limiting flexibility factor usage, e.g., prefer choose any at hand for login authentication. To bring back usability without loss security, we introduce new notion authentication, called (t,n) threshold MFA, that allows actively out n based on preference. We further define “most-rigorous” multi-factor model notion, allowing attackers control public channels, launch active/passive attacks, compromise/corrupt subset parties well factors. state can capture most practical needs literature. design MFA key exchange (T-MFAKE) protocol built top oblivious pseudorandom function an authenticated protocol. Our achieves “highest-attainable” against all attacking attempts context parties/factors being compromised/corrupted. As efficiency, our only 4+t exponentiations, 2 multi-exponentiations 2 communication rounds. Compared with existing tFA schemes, even degenerated (t,t) version strongest (stronger than schemes) higher efficiency computational communication. instantiate real-world platform highlight its practicability efficiency.