Two More Efficient Variants of the J-PAKE Protocol

Skrobot, Marjan; Lancrenon, Jean; Tang, Qiang

Reference : Two More Efficient Variants of the J-PAKE Protocol


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/26452

Title :	Two More Efficient Variants of the J-PAKE Protocol
Language :	English
Author, co-author :	Skrobot, Marjan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Lancrenon, Jean [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Tang, Qiang [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	Jun-2016
Main document title :	ACNS 2016
Peer reviewed :	Yes
Audience :	International
ISBN :	978-3-319-39555-5
Event name :	ACNS 2016
Event date :	19-06-2016 to 22-06-2016
Event organizer :	University of Surrey
Event place (city) :	London (Guildford)
Event country :	United Kingdom
Keywords :	[en] Password-authenticated key exchange ; J-PAKE ; Efficiency ; Random oracle ; Common reference string ; Zero-knowledge proof
Abstract :	[en] Recently, the password-authenticated key exchange protocol J-PAKE of Hao and Ryan (Workshop on Security Protocols 2008) was formally proven secure in the algebraic adversary model by Abdalla et al. (IEEE S&P 2015). In this paper, we propose and examine two variants of J-PAKE - which we call RO-J-PAKE and CRS-J-PAKE - that each makes the use of two less zero-knowledge proofs than the original protocol. We show that they are provably secure following a similar strategy to that of Abdalla et al. We also study their efficiency as compared to J-PAKE's, also taking into account how the groups are chosen. Namely, we treat the cases of subgroups of finite fields and elliptic curves. Our work reveals that, for subgroups of finite fields, CRS-J-PAKE is indeed more efficient than J-PAKE, while RO-J-PAKE is much less efficient. On the other hand, when instantiated with elliptic curves, both RO-J-PAKE and CRS-J-PAKE are more efficient than J-PAKE, with CRS-J-PAKE being the best of the three. We illustrate this experimentally, making use of recent research by Brier et al. (CRYPTO 2010). Regardless of implementation, we note that RO-J-PAKE enjoys a looser security reduction than both J-PAKE and CRS-J-PAKE. CRS-J-PAKE has the tightest security proof, but relies on an additional trust assumption at setup time. We believe our results can be useful to anyone interested in implementing J-PAKE, as perhaps either of these two new protocols may also be options, depending on the deployment context.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/26452
FnR project :	FnR ; FNR9472655 > Peter Y. A. Ryan > Sequoia > Security properties, process equivalences and automated veri cation > 01/02/2015 > 31/01/2019 > 2015

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Two More Efficient Variants of the J-PAKE Protocol.pdf		Author postprint	544.45 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices