References of "Lancrenon, Jean 50002164"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailOn Composability of Game-based Password Authenticated Key Exchange
Skrobot, Marjan UL; Lancrenon, Jean UL

in Skrobot, Marjan; Lancrenon, Jean (Eds.) 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (2018, April)

It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key ... [more ▼]

It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that middle ground is possible in the case of authenticated key exchange that relies on Public- Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels. [less ▲]

Detailed reference viewed: 21 (3 UL)
Full Text
Peer Reviewed
See detailTwo More Efficient Variants of the J-PAKE Protocol
Skrobot, Marjan UL; Lancrenon, Jean UL; Tang, Qiang UL

in ACNS 2016 (2016, June)

Recently, the password-authenticated key exchange protocol J-PAKE of Hao and Ryan (Workshop on Security Protocols 2008) was formally proven secure in the algebraic adversary model by Abdalla et al. (IEEE ... [more ▼]

Recently, the password-authenticated key exchange protocol J-PAKE of Hao and Ryan (Workshop on Security Protocols 2008) was formally proven secure in the algebraic adversary model by Abdalla et al. (IEEE S&P 2015). In this paper, we propose and examine two variants of J-PAKE - which we call RO-J-PAKE and CRS-J-PAKE - that each makes the use of two less zero-knowledge proofs than the original protocol. We show that they are provably secure following a similar strategy to that of Abdalla et al. We also study their efficiency as compared to J-PAKE's, also taking into account how the groups are chosen. Namely, we treat the cases of subgroups of finite fields and elliptic curves. Our work reveals that, for subgroups of finite fields, CRS-J-PAKE is indeed more efficient than J-PAKE, while RO-J-PAKE is much less efficient. On the other hand, when instantiated with elliptic curves, both RO-J-PAKE and CRS-J-PAKE are more efficient than J-PAKE, with CRS-J-PAKE being the best of the three. We illustrate this experimentally, making use of recent research by Brier et al. (CRYPTO 2010). Regardless of implementation, we note that RO-J-PAKE enjoys a looser security reduction than both J-PAKE and CRS-J-PAKE. CRS-J-PAKE has the tightest security proof, but relies on an additional trust assumption at setup time. We believe our results can be useful to anyone interested in implementing J-PAKE, as perhaps either of these two new protocols may also be options, depending on the deployment context. [less ▲]

Detailed reference viewed: 268 (40 UL)
Full Text
Peer Reviewed
See detailAttribute-Based Signatures with Controllable Linkability
Perez Urquidi, Jose Miguel UL; Lancrenon, Jean UL; Khader, Dalia et al

in Yung, Moti; Zhang, Jianbiao; Yang, Zhen (Eds.) Trusted Systems: 7th International Conference, INTRUST 2015, Beijing, China, December 7-8, 2015, Revised Selected Papers (2016, March)

We introduce Attribute-Based Signatures with Controllable Linkability ABS-CL. In general, Attribute-Based Signatures allow a signer who possesses enough attributes to satisfy a predicate to sign a message ... [more ▼]

We introduce Attribute-Based Signatures with Controllable Linkability ABS-CL. In general, Attribute-Based Signatures allow a signer who possesses enough attributes to satisfy a predicate to sign a message without revealing either the attributes utilized for signing or the identity of the signer. These signatures are an alternative to Identity-Based Signatures for more fine-grained policies or enhanced privacy. On the other hand, the Controllable Linkability notion introduced by Hwang et al. allows an entity in possession of the linking key to determine if two signatures were created by the same signer without breaking anonymity. This functionality is useful in applications where a lower level of anonymity to enable linkability is acceptable, such as some cases of vehicular ad-hoc networks, data mining, and voting schemes. The ABS-CL scheme we present allows a signer with enough attributes satisfying a predicate to sign a message, while an entity with the linking key may test if two such signatures were created by the same signer, all without revealing the satisfying attributes or the identity of the signer. [less ▲]

Detailed reference viewed: 167 (26 UL)
Full Text
Peer Reviewed
See detailOn Password-Authenticated Key Exchange Security Modeling
Lancrenon, Jean UL

in Stajano, Frank; Mjolsnes, Stig; Jenkinson, Graeme (Eds.) et al Technology and practice of passwords: 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings (2016, March)

Deciding which security model is the right one for Authenticated Key Exchange (AKE) is well-known to be a difficult problem. In this paper, we examine definitions of security for Password-AKE (PAKE) in ... [more ▼]

Deciding which security model is the right one for Authenticated Key Exchange (AKE) is well-known to be a difficult problem. In this paper, we examine definitions of security for Password-AKE (PAKE) in the style proposed by Bellare et al. at Eurocrypt 2000. Indeed, there does not seem to be any consensus, even when narrowing the study down to this particular authentication method and model style, on how to precisely define fundamental notions such as accepting, terminating, and partnering. The aim of this paper is to begin addressing this problem. We first show how definitions vary from paper to paper. We then propose and thoroughly motivate a definition of our own, and use the opportunity to correct a minor flaw in a more recent and more PAKE-appropriate model proposed by Abdalla et al. at Public Key Cryptography 2005. Finally, we argue that the uniqueness of partners holding with overwhelming probability ought to be an explicitly required and proven property for AKE in general, but even more so in the password case, where the optimal security bound one aims to achieve is no longer a negligible value. To drive this last point, we exhibit a protocol that is provably secure following the Abdalla et al. definition, and at the same time fails to satisfy this property. [less ▲]

Detailed reference viewed: 142 (24 UL)
Full Text
Peer Reviewed
See detailOn the Provable Security of the Dragonfly Protocol
Skrobot, Marjan UL; Lancrenon, Jean UL

in Lopez, Javier; Mitchell, Chris J. (Eds.) Information Security - 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015 (2015, September)

Detailed reference viewed: 149 (16 UL)
Full Text
Peer Reviewed
See detailWhat Public Keys Can Do for Three-Party, Password-Authenticated Key Exchange
Lancrenon, Jean UL

in Sokratis; Agudo, Isaac (Eds.) Public Key Infrastructures, Services and Applications: 10th European Workshop, EuroPKI 2013, Egham, UK, September 12-13, 2013, Revised Selected Papers (2014, September)

We study three-party, password-authenticated key exchange protocols where the trusted third party has a high-entropy private key to which corresponds a public key. In this scenario we can maintain the ... [more ▼]

We study three-party, password-authenticated key exchange protocols where the trusted third party has a high-entropy private key to which corresponds a public key. In this scenario we can maintain the user-friendliness of password authentication while provably achieving security properties that ordinary password-authenticated key exchange protocols cannot, namely resistance against key compromise impersonation and a special form of internal state revealing. We define security models tailored to our case and illustrate our work with several protocols. [less ▲]

Detailed reference viewed: 141 (26 UL)
See detailPassword-based Authenticated Key Establishment Protocols
Lancrenon, Jean UL; Khader, Dalia UL; Ryan, Peter UL et al

in Computer And Information Security Handbook (2013)

Detailed reference viewed: 367 (31 UL)