On security of the SESPAKE protocol
Prikladnaâ diskretnaâ matematika, no. 4 (2020), pp. 5-41.


The Security Evaluated Standardized Password Authenticated Key Exchange (SESPAKE) protocol is standardized in Russia as R 50.1.115-2016. This paper provides an analysis of the protocol in the relevant adversary models. We define a new indistinguishability-based adversary model with a threat of false authentication; it extends the original indistinguishability-based model to the case of protocols whose authentication step is performed without key diversification. We prove the security of the protocol in two adversary models: one with the classic threat of distinguishing a generated session key from a random string, and one with the threat of false authentication.
Keywords: models and methods in information security, cryptographic protocols.
@article{PDM_2020_4_a0,
     author = {E. K. Alekseev and S. V. Smyshlyaev},
     title = {On security of the {SESPAKE} protocol},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {5--41},
     publisher = {mathdoc},
     number = {4},
     year = {2020},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2020_4_a0/}
}
TY  - JOUR
AU  - E. K. Alekseev
AU  - S. V. Smyshlyaev
TI  - On security of the SESPAKE protocol
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2020
SP  - 5
EP  - 41
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2020_4_a0/
LA  - ru
ID  - PDM_2020_4_a0
ER  - 
%0 Journal Article
%A E. K. Alekseev
%A S. V. Smyshlyaev
%T On security of the SESPAKE protocol
%J Prikladnaâ diskretnaâ matematika
%D 2020
%P 5-41
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2020_4_a0/
%G ru
%F PDM_2020_4_a0
E. K. Alekseev; S. V. Smyshlyaev. On security of the SESPAKE protocol. Prikladnaâ diskretnaâ matematika, no. 4 (2020), pp. 5-41. http://geodesic.mathdoc.fr/item/PDM_2020_4_a0/

[1] S. Bellovin, M. Merritt, “Encrypted key exchange: password-based protocols secure against dictionary attacks”, Proc. IEEE Symp. Research in Security and Privacy (Oakland, CA, USA, May, 1992), 1992, 72–84

[2] M. Bellare, P. Rogaway, The AuthA protocol for password-based authenticated key exchange, Contributions to IEEE 1363 (March 2000) https://web.cs.ucdavis.edu/~rogaway/papers/autha.pdf

[3] E. Bresson, O. Chevassut, D. Pointcheval, “Security proofs for an efficient password-based key exchange”, Proc. 10th ACM Conf. CCS-03, 2003, 241–250

[4] V. Boyko, P. MacKenzie, S. Patel, “Provably secure password-authenticated key exchange using Diffie-Hellman”, LNCS, 1807, 2000, 156–171

[5] R. Canetti, S. Halevi, J. Katz et al., “Universally composable password-based key exchange”, LNCS, 3494, 2005, 404–421

[6] M. Bellare, R. Canetti, H. Krawczyk, “A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)”, Proc. 30th Ann. ACM Symp. Theory Comput., ACM Press, 1998, 419–428

[7] M. Bellare, P. Rogaway, “Entity authentication and key distribution”, LNCS, 773, 1994, 232–249

[8] M. Bellare, D. Pointcheval, P. Rogaway, “Authenticated key exchange secure against dictionary attacks”, LNCS, 1807, 2000, 139–155

[9] M. Abdalla, D. Pointcheval, “Simple password-based encrypted key exchange protocols”, LNCS, 3376, 2005, 191–208

[10] J. Bender, M. Fischlin, D. Kügler, “Security analysis of the PACE key-agreement protocol”, LNCS, 5735, 2009, 33–48

[11] T. Jager, F. Kohlar, S. Schäge, J. Schwenk, On the Security of TLS-DHE in the Standard Model, Cryptology ePrint Archive: Report 2011/219

[12] Information Technology. Cryptographic Data Security. Password Authenticated Key Establishment Protocol. Recommendations for Standardization R 50.1.115-2016, Standartinform, M., 2016 (in Russian)

[13] E. K. Alekseev, L. R. Akhmetzyanova, I. B. Oshkin, S. V. Smyshlyaev, “A review of the password authenticated key exchange protocols vulnerabilities and principles of the SESPAKE protocol construction”, Matem. Vopr. Kriptogr., 7:4 (2016), 7–28 (in Russian)

[14] M. Abdalla, Reducing the Need for Trusted Parties in Cryptography, 2011 https://tel.archives-ouvertes.fr/tel-00917187

[15] M. Bellare, “Practice-oriented provable-security”, LNCS, 1396, 1998, 221–231

[16] L. R. Akhmetzyanova, E. K. Alekseev, G. A. Karpunin, S. V. Smyshlyaev, “On cryptographic properties of the CVV and PVV parameters generation procedures in payment systems”, Matem. Vopr. Kriptogr., 9:2 (2018), 23–46

[17] O. Goldreich, Foundations of Cryptography, v. 1, Cambridge University Press, N.Y., 2006

[18] E. K. Alekseev, L. R. Akhmetzyanova, A. M. Zubkov et al., “On one approach to formalization of cryptographic analysis tasks”, Matem. Vopr. Kriptogr., 2020 (in Russian)

[19] J. A. Halderman, S. D. Schoen, N. Heninger et al., “Lest we remember: Cold-boot attacks on encryption keys”, Commun. ACM, 52:5 (2009) http://www.cs.umd.edu/class/spring2016/cmsc414/papers/coldboot.pdf

[20] M. Bellare, A. Desai, E. Jokipii, P. Rogaway, “A concrete security treatment of symmetric encryption”, Proc. 38th Symp. Foundations Comput. Sci., IEEE, 1997, 394–403

[21] M. Abdalla, P. A. Fouque, D. Pointcheval, “Password-based authenticated key exchange in the three-party setting”, LNCS, 3386, 2005, 65–84

[22] M. Bellare, P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols”, Proc. 1st ACM Conf. CCS-93, 1993, 62–73

[23] E. Alekseev, V. Nikolaev, S. Smyshlyaev, “On the security properties of Russian standardized elliptic curves”, Matem. Vopr. Kriptogr., 9:3 (2018), 5–32

[24] Information Technology. Cryptographic Data Security. Password-Based Key Protection. Recommendations for Standardization R 50.1.111-2016, Standartinform, M., 2016 (in Russian)

[25] GOST R 34.11-2012 “Information Technology. Cryptographic Data Security. Hash Function”, Standartinform, M., 2012 (in Russian)

[26] Information Technology. Cryptographic Data Security. Additional Cryptographic Algorithms for Digital Signature Algorithms and Hash Function. Recommendations for Standardization R 50.1.113-2016, Standartinform, M., 2016 (in Russian)

[27] F. Vercauteren, Final Report on Main Computational Assumptions in Cryptography. ICT-2007-216676, ECRYPT II, European Network of Excellence in Cryptology II. D.MAYA.6. 2013

[28] GOST R 34.10-2012 “Information Technology. Cryptographic Data Security. Processes of Digital Signature Creation and Verification”, Standartinform, M., 2012 (in Russian)