International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Universally Composable Relaxed Password Authenticated Key Exchange

Michel Abdalla , CNRS, ENS, PSL
Manuel Barbosa , FCUP and INESC TEC
Tatiana Bradley , University of California, Irvine
Stanislaw Jarecki , University of California, Irvine
Jonathan Katz , George Mason University
Jiayu Xu , George Mason University and University of Maryland
DOI: (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2020
Abstract: Protocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographic key. We revisit the notion of PAKE in the universal composability (UC) framework, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Our relaxation allows the ideal-world adversary to postpone its password guess until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a ``game-based'' definition of security can be shown to UC-realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known.
Video from CRYPTO 2020
  title={Universally Composable Relaxed Password Authenticated Key Exchange},
  author={Michel Abdalla and Manuel Barbosa and Tatiana Bradley and Stanislaw Jarecki and Jonathan Katz and Jiayu Xu},