International Association for Cryptologic Research

International Association
for Cryptologic Research


An Efficient Strong Asymmetric PAKE Compiler Instantiable from Group Actions

Jiayu Xu , Oregon State University, USA
Ian McQuoid , Oregon State University, USA
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2023
Abstract: Password-authenticated key exchange (PAKE) is a class of protocols enabling two parties to convert a shared (possibly low-entropy) password into a high-entropy joint session key. Strong asymmetric PAKE (saPAKE), an extension that models the client-server setting where servers may store a client's password for repeated authentication, was the subject of standardization efforts by the IETF in 2019--20. In this work, we present the most computationally efficient saPAKE protocol so far: a compiler from PAKE to saPAKE which costs only 2 rounds and 7 exponentiations in total (3 for client and 4 for server) when instantiated with suitable underlying PAKE protocols. In addition to being efficient, our saPAKE protocol is conceptually simple and achieves the strongest notion of universally composable (UC) security. In addition to classical assumptions and classical PAKE, we may instantiate our PAKE-to-saPAKE compiler with cryptographic group actions, such as the isogeny-based CSIDH, and post-quantum PAKE. This yields the first saPAKE protocol from post-quantum assumptions as all previous constructions rely on cryptographic assumptions weak to Shor's algorithm.
  title={An Efficient Strong Asymmetric PAKE Compiler Instantiable from Group Actions},
  author={Jiayu Xu and Ian McQuoid},