In 2009, Abdalla et al. proposed a reasonably practical password-authenticated key exchange (PAKE) secure against adaptive adversaries in the universal composability (UC) framework. It exploited the Canetti-Fischlin methodology for commitments and the Cramer-Shoup smooth projective hash functions (SPHFs), following the Gennaro-Lindell approach for PAKE. In this paper, we revisit the notion of n...

Password-Authenticated Key Exchange (PAKE) has received deep attention in the last few years, with a recent improvement by Katz and Vaikuntanathan, and their one-round protocols: the two players just have to send simultaneous ows to each other, that depend on their own passwords only, to agree on a shared high entropy secret key. To this aim, they followed the Gennaro and Lindell's approach, wi...

We present a new framework for constructing efficient password authenticated key exchange (PAKE) protocols based on oblivious transfer (OT). Using this framework, we obtain: – an efficient and simple UC-secure PAKE protocol that is secure against adaptive corruptions without erasures. – efficient and simple PAKE protocols under the Computational DiffieHellman (CDH) assumption and the hardness o...

The most common web authentication technique in use today is password authentication via an HTML form, where a user types her password directly into a web page from the site to which she wishes to authenticate herself. The problem with this approach is that it relies on the user to determine when it is safe to enter her password. To resist phishing and other social engineering attacks, a user m...

While password-authenticated key exchange (or PAKE) protocols have been deeply studied, a server corruption remains the main threat, with many concrete cases nowadays. Verifier-based PAKE (or VPAKE) protocols, initially called Augmented-PAKE, have been proposed to limit the impact of any leakage. However, no satisfactory security model has ever been proposed to quantify the actual security of a...

We describe a public-key encryption scheme based on lattices — specifically, based on the hardness of the learning with error (LWE) problem — that is secure against chosen-ciphertext attacks while admitting (a variant of) smooth projective hashing. This encryption scheme suffices to construct a protocol for password-based authenticated key exchange (PAKE) that can be proven secure based on the ...

Password-authenticated key exchange (PAKE) is a cryptographic primitive that can establish secure remote communications between the client and server, especially with advantage of amplifying memorable passwords into strong session keys. However, arrival quantum computing era has brought new challenges to traditional PAKE protocols. Thus, designing an efficient post-quantum scheme becomes open r...

By using Password-based Authenticated Key Exchange (PAKE), a server can authenticate a user who has only the same password shared with the server in advance and establish a session key with the user simultaneously. However, in the real applications, we may have a situation where a user needs to share a session key with server A, but the authentication needs to be done by a different server B th...

Katz and Vaikuntanathan recently improved smooth projective hash functions in order to build oneround password-authenticated key exchange protocols (PAKE). To achieve security in the UC framework they allowed the simulator to extract the hashing key, which required simulation-sound non-interactive zero-knowledge proofs that are unfortunately ine cient. We improve the way the latter extractabili...