Password-Authenticated Key Exchange (PAKE) has received deep
attention in the last few years, with a recent strong improvement by
Katz-Vaikuntanathan, and their one-round protocol: the two players just have to send simultaneous flows to each other, that depend on their own passwords only, to agree on a shared high entropy secret key. We follow their work with a further study of their new Smooth-Projective Hash Function framework, and namely we introduce new efficient instantiations on IND-CCA ciphertexts.
It allows us to design the most efficient PAKE known so far: a
one-round PAKE with two simultaneous flows consisting of 6 group elements each only, in any DDH-group.
Our scheme resists off-line dictionary attacks in the
Bellare-Pointcheval-Rogaway model, under the DDH assumption with a CRS.
We thereafter show how our new instantiations can prove more complex equations.
We then apply them to propose quite efficient instantiations in
the standard model of the more general family of protocols, termed
Langage-Authenticated Key Exchange.
They include quite concrete key exchange protocols, such as PAKE,
Verifier-based PAKE and Secret Handshakes.
In Verifier-based PAKE, the server knows a transformation of the password only, which limits impact of the corruption of the server, since exhaustive search would still have to be performed to recover the actual passwords.
In Secret Handshakes, two members of the same group want to identify each other secretly, in the sense that each party reveals his affiliation to the other only if they are members of the same group. Outsiders do not learn anything about the outcome of the protocol.