Reference : An Offline Dictionary Attack Against zkPAKE Protocol
Scientific congresses, symposiums and conference proceedings : Poster
Engineering, computing & technology : Computer science
Computational Sciences
http://hdl.handle.net/10993/37403
An Offline Dictionary Attack Against zkPAKE Protocol
English
[en] An Offline Dictionary Attack Against zkPAKE Protocol
Lopez Becerra, José Miguel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ryan, Peter mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Sala, Petra mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Skrobot, Marjan mailto []
Jun-2018
Yes
International
WiSec2018
From 18-06-20018 to 20-06-2018
KTH Royal Institute of Technology Stockholm
Stockholm
Sweden
[en] Password Authenticated Key Exchange ; zkPAKE ; Offlne Dictionary Attack
[en] Password Authenticated Key Exchange (PAKE) allows a
user to establish a strong cryptographic key with a server,
using only knowledge of a pre-shared password. One of the
basic security requirements of PAKE is to prevent o ine
dictionary attacks.
In this paper, we revisit zkPAKE, an augmented PAKE
that has been recently proposed by Mochetti, Resende, and
Aranha (SBSeg 2015). Our work shows that the zkPAKE
protocol is prone to o ine password guessing attack, even
in the presence of an adversary that has only eavesdropping
capabilities. Therefore, zkPAKE is insecure and should not
be used as a password-authenticated key exchange mechanism
University of Luxembourg: High Performance Computing - ULHPC
Researchers
http://hdl.handle.net/10993/37403
10.1145/1235

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
poster_zkPAKE.pdfAuthor preprint238.87 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.