An Offline Dictionary Attack Against zkPAKE Protocol

[en] Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism

Research center :

ULHPC - University of Luxembourg: High Performance Computing

Disciplines :

Computer science

Author, co-author :

LOPEZ BECERRA, José Miguel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

RYAN, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

SALA, Petra ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Skrobot, Marjan

External co-authors :

Language :

English

Title :

An Offline Dictionary Attack Against zkPAKE Protocol

Alternative titles :

[en] An Offline Dictionary Attack Against zkPAKE Protocol

Publication date :

June 2018

Event name :

WiSec2018

Event organizer :

KTH Royal Institute of Technology Stockholm

Event place :

Stockholm, Sweden

Event date :

From 18-06-20018 to 20-06-2018

Audience :

International

Focus Area :

Computational Sciences

Available on ORBilu :

since 22 November 2018

Statistics

Number of views

172 (19 by Unilu)

Number of downloads

399 (17 by Unilu)

More statistics

OpenAlex citations