An Offline Dictionary Attack Against zkPAKE Protocol

Lopez Becerra, José Miguel; Ryan, Peter; Sala, Petra; Skrobot, Marjan

doi:10.1145/1235

Reference : An Offline Dictionary Attack Against zkPAKE Protocol


	Document type :	Scientific congresses, symposiums and conference proceedings : Poster
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Computational Sciences
	To cite this reference:	http://hdl.handle.net/10993/37403

Title :	An Offline Dictionary Attack Against zkPAKE Protocol
Language :	English
Translated title :	[en] An Offline Dictionary Attack Against zkPAKE Protocol
Author, co-author :	Lopez Becerra, José Miguel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Ryan, Peter [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Sala, Petra [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Skrobot, Marjan []
Publication date :	Jun-2018
Peer reviewed :	Yes
Audience :	International
Event name :	WiSec2018
Event date :	From 18-06-20018 to 20-06-2018
Event organizer :	KTH Royal Institute of Technology Stockholm
Event place (city) :	Stockholm
Event country :	Sweden
Keywords :	[en] Password Authenticated Key Exchange ; zkPAKE ; Offlne Dictionary Attack
Abstract :	[en] Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism
Research centres :	University of Luxembourg: High Performance Computing - ULHPC
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/37403
DOI :	10.1145/1235

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	poster_zkPAKE.pdf		Author preprint	238.87 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices