Title :
Security of the J-PAKE Password-Authenticated Key Exchange Protocol
Author :
Abdalla, Michel ; Benhamouda, Fabrice ; MacKenzie, Philip
Author_Institution :
ENS, INRIA, Paris, France
Abstract :
J-PAKE is an efficient password-authenticated key exchange protocol that is included in the OpenSSL library and is currently being used in practice. We present the first proof of security for this protocol in a well-known and accepted model for authenticated key exchange that incorporates online and offline password guessing, concurrent sessions, forward secrecy, server compromise, and loss of session keys. This proof relies on the Decision Square Diffie-Hellman assumption, as well as a strong security assumption for the non-interactive zero-knowledge (NIZK) proofs in the protocol (specifically, simulation-sound extractability). We show that the Schnorr proof-of-knowledge protocol, which was recommended for the J-PAKE protocol, satisfies this strong security assumption in a model with algebraic adversaries and random oracles, and extend the full J-PAKE proof of security to this model. Finally, we show that by modifying the recommended labels in the Schnorr protocol used in J-PAKE, we can achieve a security proof for J-PAKE with a tighter security reduction.
Keywords :
cryptographic protocols; J-PAKE password-authenticated key exchange protocol; NIZK proofs; OpenSSL library; Schnorr proof-of-knowledge protocol; algebraic adversaries; concurrent sessions; decision square Diffie-Hellman assumption; forward secrecy; noninteractive zero-knowledge proofs; offline password guessing; online password guessing; random oracles; security proof; security reduction; server compromise; session keys loss; simulation-sound extractability; Computational modeling; Cryptography; Dictionaries; Protocols; Servers; Standards;
Conference_Title :
Security and Privacy (SP), 2015 IEEE Symposium on
Conference_Location :
San Jose, CA