On all-or-nothing transforms and password-authenticated key exchange protocols
Abstract
This thesis provides a formal analysis of two kinds of cryptographic objects that used to be treated with much less rigor: All-or-Nothing Transforms (AONTs) and Password-Authenticated Key Exchange protocols. For both, novel formal definitions of security are given, and then practical and efficient constructions are proven secure. The constructions for password-authenticated key exchange are novel, and the AONT construction is an application of an existing scheme to a new area. AONTs have been proposed by Rivest as a mode of operation for block ciphers. An AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known. Applications of AONTs include improving the security and efficiency of encryption. We give several strong formal definitions of security for AONTs. We then prove that Optimal Asymmetric Encryption Padding (OAEP) satisfies these definitions (in the random oracle model). This is the first construction of an AONT that has been proven secure in the strong sense. We also show that no AONT can achieve substantially better security than OAEP. The second part of this thesis is about password-authenticated key exchange protocols. We present a new protocol called PAK which is the first such Diffie-Hellman-based protocol to provide a formal proof of security (in the random oracle model) against active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.
Thesis Supervisor: Ronald Rivest Title: Professor of Computer Science
Similar resources
On All-or-Nothing Transforms and Password-Authenticated Key
This thesis provides a formal analysis of two kinds of cryptographic objects that used to be treated with much less rigor: All-or-Nothing Transforms (AONTs) and Password-Authenticated Key Exchange protocols. For both, novel formal definitions of security are given, and then practical and efficient constructions are proven secure. The constructions for password-authenticated key exchange are novel,...
A New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
Smooth Projective Hash Functions (SPHFs) as a specific pattern of zero knowledge proof system are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, Password-Based Authenticated Key Exchange (PAKE) protocol is well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based ...
Password Authenticated Key Exchange by Juggling
Password-Authenticated Key Exchange (PAKE) studies how to establish secure communication between two remote parties solely based on their shared password, without requiring a Public Key Infrastructure (PKI). Despite extensive research in the past decade, this problem remains unsolved. Patent has been one of the biggest brakes in deploying PAKE solutions in practice. Besides, even for the patent...
Group Password-Authenticated Key Exchange from Identity-Based Cryptosystem
Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an “honest but curious” server, intend to establish a common secret key (i.e., a group key) with the help of...
Authenticated Key Exchange by Juggling F. Hao and P.
Password-Authenticated Key Exchange (PAKE) studies how to establish secure communication between two remote parties solely based on their shared password, without requiring a Public Key Infrastructure (PKI). Despite extensive research in the past decade, this problem remains unsolved. Patent has been one of the biggest brakes in deploying PAKE solutions in practice. Besides, even for the patent...
Publication date: 2000