Round-reduced modular construction of asymmetric password-authenticated key exchange

Jung Yeon Hwang, Stanislaw Jarecki, Taekyoung Kwon, Joohee Lee, Ji Sun Shin, Jiayu Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)


Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via the offline dictionary attack against this hashed password. Today’s client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on client’s trust in the server’s public key certificate. By contrast, cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication. The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. [15], who also provided a generic method of converting a UC PAKE to UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to that of Gentry et al. [15].

Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
EditorsDario Catalano, Roberto De Prisco
PublisherSpringer Verlag
Number of pages20
ISBN (Print)9783319981123
Publication statusPublished - 2018
Event11th International Conference on Security and Cryptography for Networks, SCN 2018 - Amalfi, Italy
Duration: 2018 Sept 52018 Sept 7

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11035 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other11th International Conference on Security and Cryptography for Networks, SCN 2018

Bibliographical note

Funding Information:
Acknowledgements. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2016-0-00097, Development of Biometrics-Based Key Infrastructure Technology for Online Identification, and No. 2018-0-01369, Developing blockchain identity management system with implicit augmented authentication and privacy protection for O2O services), and supported by the MSIT, Korea, under the ITRC (Information Technology Research Center) support programs (IITP-2018-0-01423, and IITP-2018-2016-0-00304) supervised by the IITP. This work was also supported by Samsung Research Funding Center of Samsung Electronics under Project (No. SRFC-TB1403-52). We would like to thank anonymous SCN 2018 reviewers for their valuable comments.

Publisher Copyright:
© 2018, Springer Nature Switzerland AG.

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Round-reduced modular construction of asymmetric password-authenticated key exchange'. Together they form a unique fingerprint.

Cite this