Reference : Two More Efficient Variants of the J-PAKE Protocol
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/26452
Two More Efficient Variants of the J-PAKE Protocol
English
Skrobot, Marjan mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lancrenon, Jean mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Tang, Qiang mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Jun-2016
ACNS 2016
Yes
International
978-3-319-39555-5
ACNS 2016
19-06-2016 to 22-06-2016
University of Surrey
London (Guildford)
United Kingdom
[en] Password-authenticated key exchange ; J-PAKE ; Efficiency ; Random oracle ; Common reference string ; Zero-knowledge proof
[en] Recently, the password-authenticated key exchange protocol J-PAKE of Hao and Ryan (Workshop on Security Protocols 2008) was formally proven secure in the algebraic adversary model by Abdalla et al. (IEEE S&P 2015). In this paper, we propose and examine two variants of J-PAKE - which we call RO-J-PAKE and CRS-J-PAKE - that each makes the use of two less zero-knowledge proofs than the original protocol. We show that they are provably secure following a similar strategy to that of Abdalla et al. We also study their efficiency as compared to J-PAKE's, also taking into account how the groups are chosen. Namely, we treat the cases of subgroups of finite fields and elliptic curves. Our work reveals that, for subgroups of finite fields, CRS-J-PAKE is indeed more efficient than J-PAKE, while RO-J-PAKE is much less efficient. On the other hand, when instantiated with elliptic curves, both RO-J-PAKE and CRS-J-PAKE are more efficient than J-PAKE, with CRS-J-PAKE being the best of the three. We illustrate this experimentally, making use of recent research by Brier et al. (CRYPTO 2010). Regardless of implementation, we note that RO-J-PAKE enjoys a looser security reduction than both J-PAKE and CRS-J-PAKE. CRS-J-PAKE has the tightest security proof, but relies on an additional trust assumption at setup time. We believe our results can be useful to anyone interested in implementing J-PAKE, as perhaps either of these two new protocols may also be options, depending on the deployment context.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/26452
FnR ; FNR9472655 > Peter Y. A. Ryan > Sequoia > Security properties, process equivalences and automated veri cation > 01/02/2015 > 31/01/2019 > 2015

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
Two More Efficient Variants of the J-PAKE Protocol.pdfAuthor postprint544.45 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.