TY - GEN
T1 - Mitigating server breaches in password-based authentication
T2 - 2016 Conference on Cryptographer's Track at the RSA, CT-RSA 2016
AU - Blazy, Olivier
AU - Chevalier, Céline
AU - Vergnaud, Damien
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2016.
PY - 2016/1/1
Y1 - 2016/1/1
N2 - Password-Authenticated Key Exchange allows users to generate a strong cryptographic key based on a shared “human-memorable” password without requiring a public-key infrastructure. It is one of the most widely used and fundamental cryptographic primitives. Unfortunately, mass password theft from organizations is continually in the news and, even if passwords are salted and hashed, brute force breaking of password hashing is usually very successful in practice. In this paper, we propose two efficient protocols where the password database is somehow shared among two servers (or more), and authentication requires a distributed computation involving the client and the servers. In this scenario, even if a server compromise is doable, the secret exposure is not valuable to the adversary since it reveals only a share of the password database and does not permit to brute force guess a password without further interactions with the parties for each guess. Our protocols rely on smooth projective hash functions and are proven secure under classical assumption in the standard model (i.e. do not require idealized assumption, such as random oracles).
KW - Decision Diffie-Hellman
KW - Distributed computation
KW - Password-authenticated key exchange
KW - Smooth projective hashing
U2 - 10.1007/978-3-319-29485-8_1
DO - 10.1007/978-3-319-29485-8_1
M3 - Conference contribution
AN - SCOPUS:84959019296
SN - 9783319294841
T3 - Lecture Notes in Computer Science
SP - 3
EP - 18
BT - Topics in Cryptology - The Cryptographers Track at the RSA Conference, CT-RSA 2016
A2 - Sako, Kazue
PB - Springer Verlag
Y2 - 29 February 2016 through 4 March 2016
ER -