International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Credential Authenticated Identification and Key Exchange

Authors:
Jan Camenisch
Nathalie Casati
Thomas Gross
Victor Shoup
Download:
URL: http://eprint.iacr.org/2010/055
Search ePrint
Search Google
Abstract: Secure two-party authentication and key exchange are fundamental problems. Traditionally, the parties authenticate each other by means of their identities, using a public-key infrastucture (PKI). However, this is not always feasible or desirable: an appropriate PKI may not be available, or the parties may want to remain anonymous, and not reveal their identities. To address these needs, we introduce the notions of credential-authenticated identification (CAID) and key exchange (CAKE), where the compatibility of the parties' \emph{credentials} is the criteria for authentication, rather than the parties' \emph{identities} relative to some PKI. We formalize CAID and CAKE in the universal composability (UC) framework, with natural ideal functionalities, and we give practical, modularly designed protocol realizations. We prove all our protocols UC-secure in the adaptive corruption model with erasures, assuming a common reference string (CRS). The proofs are based on standard cryptographic assumptions and do not rely on random oracles. CAKE includes password-authenticated key exchange (PAKE) as a special case, and we present two new PAKE protocols. The first one is interesting in that it is uses completly different techniques than known practical PAKE protocols, and also achieves UC-security in the adaptive corruption model with erasures; the second one is the first practical PAKE protocol that provides a meaningful form of resilience against server compromise without relying on random oracles.
BibTeX
@misc{eprint-2010-22956,
  title={Credential Authenticated Identification and Key Exchange},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / key exchange, authentication, anonymous credentials, PAKE},
  url={http://eprint.iacr.org/2010/055},
  note={ shoup@cs.nyu.edu 14754 received 2 Feb 2010, last revised 25 May 2010},
  author={Jan Camenisch and Nathalie Casati and Thomas Gross and Victor Shoup},
  year=2010
}