Password-authenticated group key establishment from smooth projective hash functions
International Journal of Applied Mathematics and Computer Science, Volume 29 (2019), No. 4, pp. 797-815.

See the article record at the source, Library of Science.

Password-authenticated key exchange (PAKE) protocols allow users sharing a password to agree upon a high-entropy secret. Thus, they can be implemented without complex infrastructures that typically involve public keys and certificates. In this paper, a provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. While prior constructions of group PAKE can be found in the literature, most of them rely on idealized assumptions, which we do not make here. Furthermore, our protocol is quite efficient: regardless of the number of participants, it can be implemented with only three communication rounds. We use a (by now classical) trick of Burmester and Desmedt for deriving group key exchange protocols from a two-party construction used as the main building block. In our case, the two-party PAKE used as a base is a one-round protocol by Katz and Vaikuntanathan, which in turn builds upon a special kind of smooth projective hash function (KV-SPHF). Smooth projective hash functions (SPHFs) were first introduced by Cramer and Shoup (2002) as a valuable cryptographic primitive for deriving provably secure encryption schemes. These functions and their variants have proved useful in many other scenarios. We use here as a main tool a very strong type of SPHF, introduced by Katz and Vaikuntanathan for building a one-round password-based two-party key exchange protocol. As shown by Ben Hamouda et al. (2013), KV-SPHFs can be instantiated on Cramer–Shoup ciphertexts, thus yielding very efficient (and pairing-free) constructions.
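The abstract describes the Burmester–Desmedt ring trick only at a high level: every participant first runs the two-party protocol with its two ring neighbours, and a broadcast round then lets everyone recover all pairwise keys and derive one group key. The following simulation is an added example, not the paper's protocol or its authors' code. It makes two assumptions: the ring step is written in its XOR form (as in the two-party-to-group compiler of Abdalla et al. [2]), and the pairwise keys come from a plain, unauthenticated Diffie–Hellman stand-in over a toy 127-bit prime rather than from the Katz–Vaikuntanathan PAKE. The names `Party`, `run_group`, `toy_pairwise_keys` and the session identifier are illustrative. It also carries the two checks a practitioner would want: an abort when the broadcast values are inconsistent (the ring does not close) and a key-confirmation round before the session key is released.

```python
import hashlib
import hmac
import secrets
from typing import List

# Added example: Burmester-Desmedt style ring combination of pairwise keys.
# Assumptions (not from the paper): XOR form of the ring step, SHA-256/HMAC
# key derivation, toy Diffie-Hellman group for the pairwise stand-in.


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("key length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def toy_pairwise_keys(n: int) -> List[bytes]:
    """Stand-in for the two-party step: K[i] is the key shared by parties i and i+1 (mod n).
    Plain Diffie-Hellman in a toy group; it is NOT password-authenticated and only exists
    so that the ring step below has realistic inputs."""
    p = (1 << 127) - 1  # Mersenne prime, toy parameter (assumption)
    g = 3
    keys = []
    for _ in range(n):
        a = secrets.randbelow(p - 2) + 1
        b = secrets.randbelow(p - 2) + 1
        shared = pow(pow(g, a, p), b, p)
        keys.append(hashlib.sha256(b"link-key" + shared.to_bytes(16, "big")).digest())
    return keys


class Party:
    """Party i holds K_{i-1,i} (k_left) and K_{i,i+1} (k_right) from the pairwise step."""

    def __init__(self, i: int, n: int, k_left: bytes, k_right: bytes, sid: bytes):
        if n < 3:
            raise ValueError("ring needs at least three parties")
        self.i, self.n, self.k_left, self.k_right, self.sid = i, n, k_left, k_right, sid
        self.master = b""

    def ring_message(self) -> bytes:
        # X_i = K_{i-1,i} XOR K_{i,i+1}: each link key masks the other, so X_i alone leaks neither.
        return _xor(self.k_left, self.k_right)

    def derive(self, xs: List[bytes]) -> bytes:
        """Recover every link key from the broadcast X_j values and derive the master secret."""
        if len(xs) != self.n:
            raise ValueError("wrong number of ring messages")
        acc = bytes(len(xs[0]))
        for x in xs:
            acc = _xor(acc, x)
        if any(acc):  # every link key appears in exactly two X_j, so the XOR of all must vanish
            raise ValueError("ring messages are inconsistent; abort")
        link = [b""] * self.n
        k = self.k_right
        link[self.i] = k
        for step in range(1, self.n):
            j = (self.i + step) % self.n
            k = _xor(k, xs[j])  # K_{j,j+1} = K_{j-1,j} XOR X_j
            link[j] = k
        if k != self.k_left:  # walking the whole ring must return to K_{i-1,i}
            raise ValueError("ring does not close; abort")
        self.master = hashlib.sha256(b"master" + self.sid + b"".join(link)).digest()
        return self.master

    def confirm_tag(self) -> bytes:
        return hmac.new(self.master, b"confirm" + self.i.to_bytes(2, "big"), hashlib.sha256).digest()

    def session_key(self, tags: List[bytes]) -> bytes:
        for j, tag in enumerate(tags):  # verify every participant's confirmation before releasing a key
            expected = hmac.new(self.master, b"confirm" + j.to_bytes(2, "big"), hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                raise ValueError(f"key confirmation from party {j} failed")
        return hmac.new(self.master, b"session-key", hashlib.sha256).digest()


def run_group(link_keys: List[bytes], sid: bytes = b"sid-example", tamper: int = -1) -> List[bytes]:
    """Drive the ring round and the confirmation round for all parties.
    tamper >= 0 flips one bit of that party's broadcast X to show the abort path."""
    n = len(link_keys)
    parties = [Party(i, n, link_keys[(i - 1) % n], link_keys[i], sid) for i in range(n)]
    xs = [p.ring_message() for p in parties]
    if tamper >= 0:
        xs[tamper] = bytes([xs[tamper][0] ^ 1]) + xs[tamper][1:]
    for p in parties:
        p.derive(xs)
    tags = [p.confirm_tag() for p in parties]
    return [p.session_key(tags) for p in parties]


if __name__ == "__main__":
    keys = run_group(toy_pairwise_keys(5))
    print("all five parties agree:", len(set(keys)) == 1)
```

The consistency check on the XOR of all broadcasts only detects a corrupted ring message; it authenticates nothing. In this illustration all authentication comes from the two-party step, which the stand-in above deliberately lacks, so the example demonstrates the key-combination mechanics and the abort conditions, not password security; the confirmation tags are computed over the recovered master secret so that a participant holding a different set of link keys is detected before any session key is used.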
Keywords: group key exchange, password authentication, smooth projective hashing
Keywords (Polish, translated): key agreement, password authentication, projective hashing
@article{IJAMCS_2019_29_4_a13,
     author = {Bohli, Jens Matthias and Gonz\'alez Vasco, Mar{\'\i}a Isabel and Steinwandt, Rainer},
     title = {Password-authenticated group key establishment from smooth projective hash functions},
     journal = {International Journal of Applied Mathematics and Computer Science},
     pages = {797--815},
     publisher = {mathdoc},
     volume = {29},
     number = {4},
     year = {2019},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/IJAMCS_2019_29_4_a13/}
}
TY  - JOUR
AU  - Bohli, Jens Matthias
AU  - González Vasco, María Isabel
AU  - Steinwandt, Rainer
TI  - Password-authenticated group key establishment from smooth projective hash functions
JO  - International Journal of Applied Mathematics and Computer Science
PY  - 2019
SP  - 797
EP  - 815
VL  - 29
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/IJAMCS_2019_29_4_a13/
LA  - en
ID  - IJAMCS_2019_29_4_a13
ER  - 
%0 Journal Article
%A Bohli, Jens Matthias
%A González Vasco, María Isabel
%A Steinwandt, Rainer
%T Password-authenticated group key establishment from smooth projective hash functions
%J International Journal of Applied Mathematics and Computer Science
%D 2019
%P 797-815
%V 29
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/IJAMCS_2019_29_4_a13/
%G en
%F IJAMCS_2019_29_4_a13
Bohli, Jens Matthias; González Vasco, María Isabel; Steinwandt, Rainer. Password-authenticated group key establishment from smooth projective hash functions. International Journal of Applied Mathematics and Computer Science, Volume 29 (2019), No. 4, pp. 797-815. http://geodesic.mathdoc.fr/item/IJAMCS_2019_29_4_a13/

[1] Abdalla, M., Benhamouda, F. and MacKenzie, P. (2015). Security of the J-PAKE password-authenticated key exchange protocol, IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, pp. 571–587.

[2] Abdalla, M., Bohli, J.-M., González Vasco, M.I. and Steinwandt, R. (2007). (Password) Authenticated key establishment: From 2-party to group, in S.P. Vadhan (Ed.), Theory of Cryptography Conference, TCC 2007, Lecture Notes in Computer Science, Vol. 4392, Springer, Berlin/Heidelberg, pp. 499–514.

[3] Abdalla, M., Bresson, E., Chevassut, O. and Pointcheval, D. (2006). Password-based group key exchange in a constant number of rounds, in M. Yung et al. (Eds), Public Key Cryptography, PKC 2006, Lecture Notes in Computer Science, Vol. 3958, Springer, Berlin/Heidelberg, pp. 427–442.

[4] Abdalla, M., Fouque, P.-A. and Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting, in S. Vaudenay (Ed.), Public Key Cryptography, PKC 2005, Lecture Notes in Computer Science, Vol. 3386, Springer, Berlin/Heidelberg, pp. 65–84.

[5] Abdalla, M., Fouque, P.-A. and Pointcheval, D. (2006). Password-based authenticated key exchange in the three-party setting, IEE Proceedings: Information Security 153(1): 27–39.

[6] Abdalla, M. and Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols, in A. Menezes (Ed.), Topics in Cryptology, CT-RSA 2005, Lecture Notes in Computer Science, Vol. 3376, Springer, Berlin/Heidelberg, pp. 191–208.

[7] Abdalla, M. and Pointcheval, D. (2006). A scalable password-based group key exchange protocol in the standard model, in X. Lai and K. Chen (Eds), Proceedings of ASIACRYPT 2006, Lecture Notes in Computer Science, Vol. 4284, Springer, Berlin/Heidelberg, pp. 332–347.

[8] Bellare, M., Canetti, R. and Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), 30th Annual ACM Symposium on the Theory of Computing, STOC 1998, Dallas, TX, USA, pp. 419–428, DOI: 10.1145/276698.276854.

[9] Bellare, M., Pointcheval, D. and Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks, in B. Preneel (Ed.), Advances in Cryptology, EUROCRYPT 2000, Lecture Notes in Computer Science, Vol. 1807, Springer, Berlin/Heidelberg, pp. 139–155.

[10] Bellare, M. and Rogaway, P. (1994). Entity authentication and key distribution, in D.R. Stinson (Ed.), Advances in Cryptology, CRYPTO’93, Lecture Notes in Computer Science, Vol. 773, Springer, Berlin/Heidelberg, pp. 232–249.

[11] Ben Hamouda, F., Blazy, O., Chevalier, C., Pointcheval, D. and Vergnaud, D. (2013). New smooth projective hash functions and one-round authenticated key exchange, IACR Cryptology ePrint Archive 2013: 34, http://eprint.iacr.org/2013/034.

[12] Blake-Wilson, S. and Menezes, A. (1999). Authenticated Diffie–Hellman key agreement protocols, in S.E. Tavares and H. Meijer (Eds), Proceedings of the Selected Areas in Cryptography, SAC’98, Springer-Verlag, Berlin/Heidelberg, pp. 339–361.

[13] Blazy, O. and Chevalier, C. (2015). Generic construction of UC-secure oblivious transfer, in T. Malkin et al. (Eds), Applied Cryptography and Network Security, Lecture Notes in Computer Science, Vol. 9092, Springer, Berlin/Heidelberg, pp. 65–86.

[14] Bohli, J.-M., González Vasco, M.I. and Steinwandt, R. (2007). Secure group key establishment revisited, International Journal of Information Security 6(4): 243–254.

[15] Bohli, J.-M., González Vasco, M.I. and Steinwandt, R. (2018). Password-authenticated constant-round group key establishment from smooth projective hash functions, Cryptology ePrint Archive, Report 2006/214, http://eprint.iacr.org/2006/214.

[16] Boyko, V., MacKenzie, P. and Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman, in B. Preneel (Ed.), Advances in Cryptology, EUROCRYPT 2000, Lecture Notes in Computer Science, Vol. 1807, Springer, Berlin/Heidelberg, pp. 156–171.

[17] Bresson, E., Chevassut, O. and Pointcheval, D. (2002). Group Diffie–Hellman key exchange secure against dictionary attacks, in Y. Zheng (Ed.), Advances in Cryptology, ASIACRYPT 2002, Lecture Notes in Computer Science, Vol. 2501, Springer, Berlin/Heidelberg, pp. 497–514.

[18] Burmester, M. and Desmedt, Y. (1995). A secure and efficient conference key distribution system, in A. De Santis (Ed.), Advances in Cryptology, EUROCRYPT’94, Lecture Notes in Computer Science, Vol. 950, Springer, Berlin/Heidelberg, pp. 275–286.

[19] Carter, L. and Wegman, M.N. (1977). Universal classes of hash functions (extended abstract), in J.E. Hopcroft et al. (Eds), Proceedings of the 9th Annual ACM Symposium on Theory of Computing, Boulder, CO, USA, pp. 106–112.

[20] Cramer, R. and Shoup, V. (2002). Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in L. Knudsen (Ed.), Advances in Cryptology, EUROCRYPT 2002, Lecture Notes in Computer Science, Vol. 2332, Springer, Berlin/Heidelberg, pp. 45–64.

[21] Dutta, R. and Barua, R. (2006). Password-based encrypted group key agreement, International Journal of Network Security 3(1): 23–34.

[22] Gennaro, R. and Lindell, Y. (2003a). A framework for password-based authenticated key exchange, Cryptology ePrint Archive, Report 2003/032, http://eprint.iacr.org/2003/032.

[23] Gennaro, R. and Lindell, Y. (2003b). A framework for password-based authenticated key exchange (extended abstract), in E. Biham (Ed.), Advances in Cryptology, EUROCRYPT 2003, Lecture Notes in Computer Science, Vol. 2656, Springer, Berlin/Heidelberg, pp. 524–543.

[24] Gennaro, R. and Lindell, Y. (2006). A framework for password-based authenticated key exchange, ACM Transactions on Information and System Security 9(2): 181–234, DOI: 10.1145/1151414.1151418.

[25] González Vasco, M.I., Martínez, C., Steinwandt, R. and Villar, J.L. (2005). A new Cramer–Shoup like methodology for group based provably secure schemes, in J. Kilian (Ed.), Proceedings of the 2nd Conference on Theory of Cryptography, TCC 2005, Lecture Notes in Computer Science, Vol. 3378, Springer, Berlin/Heidelberg, pp. 495–509.

[26] Gorantla, M.C., Boyd, C., González Nieto, J.M. and Manulis, M. (2010). Generic one round group key exchange in the standard model, Information, Security and Cryptology, ICISC 2009, Lecture Notes in Computer Science, Vol. 5984, Springer, Berlin/Heidelberg, pp. 1–15.

[27] Hwang, J.Y., Lee, S.-M. and Lee, D.H. (2004). Scalable key exchange transformation: From two-party to group, Electronics Letters 40(12): 728–729.

[28] Kalai, Y.T. (2005). Smooth projective hashing and two-message oblivious transfer, in R. Cramer (Ed.), Advances in Cryptology, EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, Springer, Berlin/Heidelberg, pp. 78–95.

[29] Katz, J., Ostrovsky, R. and Yung, M. (2001). Efficient password-authenticated key exchange using human-memorable passwords, in B. Pfitzmann (Ed.), Advances in Cryptology, EUROCRYPT 2001, Lecture Notes in Computer Science, Vol. 2045, Springer, Berlin/Heidelberg, pp. 475–494.

[30] Katz, J., Ostrovsky, R. and Yung, M. (2006). Efficient and secure authenticated key exchange using weak passwords, http://www.cs.umd.edu/~jkatz/papers/password.pdf.

[31] Katz, J. and Shin, J.S. (2005). Modeling insider attacks on group key-exchange protocols, Cryptology ePrint Archive, Report 2005/163, http://eprint.iacr.org/2005/163.

[32] Katz, J. and Vaikuntanathan, V. (2013). Round-optimal password-based authenticated key exchange, Journal of Cryptology 26(4): 714–743.

[33] Katz, J. and Yung, M. (2007). Scalable protocols for authenticated group key exchange, Journal of Cryptology 20(1): 85–113.

[34] Kurosawa, K. and Desmedt, Y. (2004). A new paradigm of hybrid encryption scheme, in M. Franklin (Ed.), Advances in Cryptology, CRYPTO 2004, Lecture Notes in Computer Science, Vol. 3152, Springer, Berlin/Heidelberg, pp. 426–442.

[35] Mayer, A. and Yung, M. (1999). Secure protocol transformation via “Expansion”: From two-party to groups, Proceedings of the 6th ACM Conference on Computer and Communications Security, CCS’99, New York, NY, USA, pp. 83–92.

[36] Nam, J., Paik, J. and Won, D. (2011). A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol, Information Sciences 181(1): 234–238, DOI: 10.1016/j.ins.2010.09.011.

[37] Shoup, V. (2006). An emerging standard for public-key encryption, ISO 18033-2, International Organization for Standardization, Geneva, http://www.shoup.net/iso/std6.pdf.