2013 | OriginalPaper | Chapter
New Techniques for SPHFs and Efficient One-Round PAKE Protocols
Authors: Fabrice Benhamouda, Olivier Blazy, Céline Chevalier, David Pointcheval, Damien Vergnaud
Published in: Advances in Cryptology – CRYPTO 2013
Publisher: Springer Berlin Heidelberg
Password-authenticated key exchange (PAKE) protocols allow two players to agree on a shared high-entropy secret key that depends only on their own passwords. Following Gennaro and Lindell's approach, with a new kind of smooth-projective hash functions (SPHFs), Katz and Vaikuntanathan recently came up with the first concrete one-round PAKE protocols, where the two players just have to send simultaneous flows to each other. The first one is secure in the Bellare-Pointcheval-Rogaway (BPR) model and the second one in Canetti's UC framework, but at the cost of simulation-sound non-interactive zero-knowledge (SS-NIZK) proofs (one for the BPR-secure protocol and two for the UC-secure one), which make the overall constructions not really efficient.
This paper follows their path with, first, a new efficient instantiation of SPHF on Cramer-Shoup ciphertexts, which makes it possible to get rid of the SS-NIZK proof and leads to the design of the most efficient one-round PAKE known so far, in the BPR model, and in addition without pairings.
In the UC framework, the security proof required the simulator to be able to extract the hashing key of the SPHF, hence the additional SS-NIZK proof. We improve the way the latter extractability is obtained by introducing the notion of trapdoor smooth projective hash functions (TSPHFs). Our concrete instantiation leads to the most efficient one-round PAKE UC-secure against static corruptions to date.
We additionally show how these SPHFs and TSPHFs can be used for blind signatures and zero-knowledge proofs with straight-line extractability.