1 of 13

Lec 13: Smooth Projective Hash Functions

2 of 13

Motivation: PAKE without idealized model

  • All PAKEs we’ve seen (EKE, OEKE, SPAKE2) rely on RO/IC
  • Can we do PAKE without idealized model?
    • Today and next time: PAKE with CRS (“standard model”)
    • Can also do PAKE even without CRS (“plain model”); super inefficient, no standard security (adversary can launch >1 online guessing attack per instance)

  • 2-step construction
    • 1. Construct SPHF for a given language (SPHF is language-specific) → today
    • 2. For any SPHF, construct PAKE → next time

3 of 13

  •  

4 of 13

SPHF

  •  

5 of 13

  •  

6 of 13

  •  

7 of 13

SPHF Examples

8 of 13

Example 1: ElGamal

  •  

9 of 13

Example 2: Naor-Yung [KV11]

  •  

10 of 13

  •  

11 of 13

Example 3: Cramer-Shoup

  •  

12 of 13

  •  

13 of 13

References

  • [GL03] Rosario Gennaro and Yehuda Lindell. A Framework for Password-Based Authenticated Key Exchange. In EUROCRYPT 2003.
  • [KV11] Jonathan Katz and Vinod Vaikuntanathan. Round-Optimal Password-Based Authenticated Key Exchange. In TCC 2011.