The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Almost all existing password-based authenticated key exchange (PAKE) schemes achieve concurrent security in the standard model by relying on the common reference string (CRS) model. A drawback of the CRS model is that it requires a centralized trusted authority in the setup phase; thus, the parties' passwords may be revealed if the authority misuses the trapdoor information of the CRS. There are a few secure PAKE schemes in the plain model, but these are not constant-round (i.e., they contain a linear number of rounds). In this paper, we discuss how to relax the setup assumption for (constant-round) PAKE schemes. We focus on the multi-string (MS) model, which allows a number of authorities (including malicious ones) to provide reference strings independently. The MS model is a more relaxed setup assumption than the CRS model because we do not trust any single authority (i.e., we assume only that a majority of the authorities generate their reference strings honestly). Though the MS model is slightly more restrictive than the plain model, it is a very reasonable assumption because it is very easy to implement. We construct a (concurrently secure) three-move PAKE scheme in the MS model (without random oracles) based on the Groce-Katz PAKE scheme. The main ingredient of our scheme is a multi-string simulation-extractable non-interactive zero-knowledge proof that provides both simulation-extractability and the extraction zero-knowledge property even if a minority of the authorities are malicious. This work can be seen as a milestone toward constant-round PAKE schemes in the plain model.
Kazuki YONEYAMA
Ibaraki University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kazuki YONEYAMA, "Password-Based Authenticated Key Exchange without Centralized Trusted Setup" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 10, pp. 1142-1156, October 2020, doi: 10.1587/transfun.2019DMP0006.
Abstract: Almost all existing password-based authenticated key exchange (PAKE) schemes achieve concurrent security in the standard model by relying on the common reference string (CRS) model. A drawback of the CRS model is to require a centralized trusted authority in the setup phase; thus, passwords of parties may be revealed if the authority ill-uses trapdoor information of the CRS. There are a few secure PAKE schemes in the plain model, but, these are not achievable in a constant round (i.e., containing a linear number of rounds). In this paper, we discuss how to relax the setup assumption for (constant round) PAKE schemes. We focus on the multi-string (MS) model that allows a number of authorities (including malicious one) to provide some reference strings independently. The MS model is a more relaxed setup assumption than the CRS model because we do not trust any single authority (i.e., just assuming that a majority of authorities honestly generate their reference strings). Though the MS model is slightly restrictive than the plain model, it is very reasonable assumption because it is very easy to implement. We construct a (concurrently secure) three-move PAKE scheme in the MS model (justly without random oracles) based on the Groce-Katz PAKE scheme. The main ingredient of our scheme is the multi-string simulation-extractable non-interactive zero-knowledge proof that provides both the simulation-extractability and the extraction zero-knowledge property even if minority authorities are malicious. This work can be seen as a milestone toward constant round PAKE schemes in the plain model.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019DMP0006/_p
@ARTICLE{e103-a_10_1142,
author={Kazuki YONEYAMA},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Password-Based Authenticated Key Exchange without Centralized Trusted Setup},
year={2020},
volume={E103-A},
number={10},
pages={1142-1156},
abstract={Almost all existing password-based authenticated key exchange (PAKE) schemes achieve concurrent security in the standard model by relying on the common reference string (CRS) model. A drawback of the CRS model is to require a centralized trusted authority in the setup phase; thus, passwords of parties may be revealed if the authority ill-uses trapdoor information of the CRS. There are a few secure PAKE schemes in the plain model, but, these are not achievable in a constant round (i.e., containing a linear number of rounds). In this paper, we discuss how to relax the setup assumption for (constant round) PAKE schemes. We focus on the multi-string (MS) model that allows a number of authorities (including malicious one) to provide some reference strings independently. The MS model is a more relaxed setup assumption than the CRS model because we do not trust any single authority (i.e., just assuming that a majority of authorities honestly generate their reference strings). Though the MS model is slightly restrictive than the plain model, it is very reasonable assumption because it is very easy to implement. We construct a (concurrently secure) three-move PAKE scheme in the MS model (justly without random oracles) based on the Groce-Katz PAKE scheme. The main ingredient of our scheme is the multi-string simulation-extractable non-interactive zero-knowledge proof that provides both the simulation-extractability and the extraction zero-knowledge property even if minority authorities are malicious. This work can be seen as a milestone toward constant round PAKE schemes in the plain model.},
keywords={},
doi={10.1587/transfun.2019DMP0006},
ISSN={1745-1337},
month={October},}
TY - JOUR
TI - Password-Based Authenticated Key Exchange without Centralized Trusted Setup
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1142
EP - 1156
AU - Kazuki YONEYAMA
PY - 2020
DO - 10.1587/transfun.2019DMP0006
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 10
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - October 2020
AB - Almost all existing password-based authenticated key exchange (PAKE) schemes achieve concurrent security in the standard model by relying on the common reference string (CRS) model. A drawback of the CRS model is to require a centralized trusted authority in the setup phase; thus, passwords of parties may be revealed if the authority ill-uses trapdoor information of the CRS. There are a few secure PAKE schemes in the plain model, but, these are not achievable in a constant round (i.e., containing a linear number of rounds). In this paper, we discuss how to relax the setup assumption for (constant round) PAKE schemes. We focus on the multi-string (MS) model that allows a number of authorities (including malicious one) to provide some reference strings independently. The MS model is a more relaxed setup assumption than the CRS model because we do not trust any single authority (i.e., just assuming that a majority of authorities honestly generate their reference strings). Though the MS model is slightly restrictive than the plain model, it is very reasonable assumption because it is very easy to implement. We construct a (concurrently secure) three-move PAKE scheme in the MS model (justly without random oracles) based on the Groce-Katz PAKE scheme. The main ingredient of our scheme is the multi-string simulation-extractable non-interactive zero-knowledge proof that provides both the simulation-extractability and the extraction zero-knowledge property even if minority authorities are malicious. This work can be seen as a milestone toward constant round PAKE schemes in the plain model.
ER -