Language selection

Government of Canada / Gouvernement du Canada

Search

Making an asymmetric PAKE quantum-annoying by hiding group elements

From National Research Council Canada

DOIResolve DOI: https://doi.org/10.1007/978-3-031-50594-2_9
AuthorSearch for: ORCID identifier: https://orcid.org/0000-0002-3389-208X; Search for: 1; Search for: ORCID identifier: https://orcid.org/0000-0001-9443-3170
Affiliation
  1. National Research Council Canada. Digital Technologies
FormatText, Book Chapter
Conference28th European Symposium on Research in Computer Security (ESORICS 2023), September 25–29, 2023, The Hague, The Netherlands
Subjectpassword-authenticated key exchange; quantum-resistant; quantum-annoying; generic group model
Abstract
The KHAPE-HMQV protocol is a state-of-the-art highly efficient asymmetric password-authenticated key exchange protocol that provides several desirable security properties, but has the drawback of being vulnerable to quantum adversaries due to its reliance on discrete logarithm-based building blocks: solving a single discrete logarithm allows the attacker to perform an offline dictionary attack and recover the password. We show how to modify KHAPE-HMQV to make the protocol quantum-annoying: a classical adversary who has the additional ability to solve discrete logarithms can only break the protocol by solving a discrete logarithm for each guess of the password. While not fully resistant to attacks by quantum computers, a quantum-annoying protocol could offer some resistance to quantum adversaries for whom discrete logarithms are relatively expensive. Our modification to the protocol is small: encryption (using an ideal cipher) is added to one message. Our analysis uses the same ideal cipher model assumption as the original analysis of KHAPE, and quantum annoyingness is modelled using an extension of the generic group model which gives a classical adversary a discrete logarithm oracle.
Publication date
PublisherSpringer Nature
In
  • Computer Security – ESORICS 2023 (12 January 2024): 168188.
Series
  • Lecture Notes in Computer Science 14344.
LanguageEnglish
Peer reviewedYes
Export citationExport as RIS
Report a correctionReport a correction (opens in a new tab)
Record identifier16d6f03f-ae1a-4291-bac8-79baa8c118df
Record created2024-02-07
Record modified2024-02-07
Date modified: