1 of 16

Lec 3: Game-Based Security Definition for PAKE

2 of 16

Recap

  • PAKE: start from low-entropy password, end up in high-entropy session key
    • Dict polynomial-size

  • Must be secure against man-in-the-middle adversary that can modify protocol messages back and forth
  • Secure means: only feasible attack is online guessing
    • How to formally define this??

3 of 16

PAKE security definition: attempt 1.0

  •  

4 of 16

 

  •  

5 of 16

Example execution of a 3-message flow protocol

  •  

 

 

 

 

 

 

 

 

6 of 16

  •  

7 of 16

Attempt 1.1

  •  

8 of 16

  •  

9 of 16

Attempt 2.0

  •  

10 of 16

  •  

11 of 16

  •  

12 of 16

Attempt 2.1

  •  

13 of 16

  •  

14 of 16

Adversary can be passive in a send session…

  •  

 

 

 

 

 

 

 

 

15 of 16

Attempt 2.2

  •  

16 of 16

  •