Generalized Fuzzy Password-Authenticated Key Exchange from Error Correcting Codes
Embargo bis 2025-01-31
Autor(in)
Alle anzeigen
Datum
2023Typ
- Conference Paper
ETH Bibliographie
yes
Altmetrics
Abstract
Fuzzy Password-Authenticated Key Exchange (fuzzy PAKE) allows cryptographic keys to be generated from authentication data that is both fuzzy and of low entropy. The strong protection against offline attacks offered by fuzzy PAKE opens an interesting avenue towards secure biometric authentication, typo-tolerant password authentication, and automated IoT device pairing. Previous constructions of fuzzy PAKE are either based on Error Correcting Codes (ECC) or generic multi-party computation techniques such as Garbled Circuits. While ECC-based constructions are significantly more efficient, they rely on multiple special properties of error correcting codes such as maximum distance separability and smoothness. We contribute to the line of research on fuzzy PAKE in two ways. First, we identify a subtle but devastating gap in the security analysis of the currently most efficient fuzzy PAKE construction (Dupont et al., Eurocrypt 2018), allowing a man-in-the-middle attacker to test individual password characters. Second, we provide a new fuzzy PAKE scheme based on ECC and PAKE that provides a built-in protection against individual password character guesses and requires fewer, more standard properties of the underlying ECC. Additionally, our construction offers better error correction capabilities than previous ECC-based fuzzy PAKEs. Mehr anzeigen
Persistenter Link
https://doi.org/10.3929/ethz-b-000643380Publikationsstatus
publishedExterne Links
Buchtitel
Advances in Cryptology – ASIACRYPT 2023Zeitschrift / Serie
Lecture Notes in Computer ScienceBand
Seiten / Artikelnummer
Verlag
SpringerKonferenz
Ausgabe / Version
1st EditionThema
Attacks on Public-Key Constructions; Key Exchange Protocols; Password-Based Cryptography; UC FrameworkOrganisationseinheit
09693 - Hofheinz, Dennis / Hofheinz, Dennis
ETH Bibliographie
yes
Altmetrics