International Association
for Cryptologic Research

We continue the recent trend in cryptography to study protocol design

in presence of tamper-proof hardware tokens. We present a very efficient

protocol for password-based authenticated key exchange based on the weak model of one-time memory tokens, recently introduced by Goldwasser et al. (Crypto~2008). Our protocol only requires four moves, very basic operations, and the sender to send $\\ell$ tokens in the first step for passwords of length $\\ell$. At the same time we achieve information-theoretic security in Canetti\'s universal composition framework (FOCS~2001) against adaptive adversaries (assuming reliable erasure), even if the tokens are not guaranteed to be transferred in an authenticated way, i.e., even if the adversary can read or substitute transmitted tokens (as opposed to many previous efforts).