Reference : An offline dictionary attack against zkPAKE protocol
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/39540
An offline dictionary attack against zkPAKE protocol
English
Lopez Becerra, José Miguel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ryan, Peter mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Sala, Petra mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Skrobot, Marjan []
2019
An offline dictionary attack against zkPAKE protocol
Springer
Yes
No
International
34th IFIP TC-11 SEC 2019 International Conference on Information Security and Privacy Protection
from 25-6-2019 to 27-6-2019
[en] Password Authenticated Key Exchange ; Augmented PAKE ; zk-PAKE
[en] Password Authenticated Key Exchange (PAKE) allows a
user to establish a secure cryptographic key with a server, using only
knowledge of a pre-shared password. One of the basic security require-
ments of PAKE is to prevent o ine dictionary attacks.
In this paper, we revisit zkPAKE, an augmented PAKE that has been
recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our
work shows that the zkPAKE protocol is prone to o ine password guess-
ing attack, even in the presence of an adversary that has only eavesdrop-
ping capabilities. Results of performance evaluation show that our attack
is practical and e cient.Therefore, zkPAKE is insecure and should not
be used as a password-authenticated key exchange mechanism.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public
http://hdl.handle.net/10993/39540
This work was supported by the Luxembourg National Research Fund through
grant PRIDE15/10621687/SPsquared and under CORE project AToMS (Project
ID 8293135).
FnR ; FNR8293135 > Peter Y. A. Ryan > AToMS > A Theory of Matching Sessions > 01/05/2015 > 30/04/2018 > 2014

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
zkPAKE_final.pdfPublisher postprint302.65 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.