JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

1 of 17

Lec 16: Asymmetric PAKE

2 of 17

User-server setting

PAKE in the client-server setting…

Implicitly assuming no party compromise (all security guarantees lost if party compromise)

Asymmetric/Augmented PAKE (aPAKE)

What if…

Naïve aPAKE construction

PAKE

PAKE

Compromise server, impersonate server → inevitable (adversary simply runs server’s algorithm), has to be allowed
Compromise server, impersonate user → should be prevented

Summary

UC Functionality for (s)aPAKE�[GMR06, JKX18]

First attack: offline dictionary attack

aPAKE functionality

References

[GMR06] Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan. A Method for Making Password-Based Key Exchange Resilient to Server Compromise. In CRYPTO 2006.
[JKX18] Stanislaw Jarecki, Hugo Krawczyk, and Jiayu Xu. OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks. In EUROCRYPT 2018.