International Association for Cryptologic Research

IACR News item: 16 December 2013

Fabrice Benhamouda, David Pointcheval
ePrint Report
While password-authenticated key exchange (or PAKE) protocols have been deeply studied, a server corruption remains the main threat, with many concrete cases nowadays. Verifier-based PAKE (or VPAKE) protocols, initially called Augmented-PAKE, have been proposed to limit the impact of any leakage. However, no satisfactory security model has ever been proposed to quantify the actual security of a protocol in the standard model. The unique model proposed so far is an ideal functionality in the universal composability (UC) framework, but is only meaningful in idealized models.

In this paper, we first enhance the Bellare-Pointcheval-Rogaway game-based model for PAKE to VPAKE protocols, and then propose the first game-based security model for both PAKE and VPAKE protocols that additionally handles related passwords. It also allows a VPAKE protocol to be secure in the standard model. We then propose several VPAKE candidates which involve smooth projective hash functions and multi-linear maps.
