Paper published in a book (Scientific congresses, symposiums and conference proceedings)
An offline dictionary attack against zkPAKE protocol
Lopez Becerra, José Miguel; Ryan, Peter; Sala, Petra et al.
2019, in An offline dictionary attack against zkPAKE protocol
Peer reviewed
 

Files


Full Text
zkPAKE_final.pdf
Publisher postprint (309.92 kB)

Details



Keywords :
Password Authenticated Key Exchange; Augmented PAKE; zk-PAKE
Abstract :
[en] Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent offline dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to offline password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Results of performance evaluation show that our attack is practical and efficient. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Lopez Becerra, José Miguel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Ryan, Peter ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Sala, Petra ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Skrobot, Marjan
External co-authors :
yes
Language :
English
Title :
An offline dictionary attack against zkPAKE protocol
Publication date :
2019
Event name :
34th IFIP TC-11 SEC 2019 International Conference on Information Security and Privacy Protection
Event date :
from 25-6-2019 to 27-6-2019
Audience :
International
Main work title :
An offline dictionary attack against zkPAKE protocol
Publisher :
Springer
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR8293135 - A Theory Of Matching Sessions, 2014 (01/05/2015-30/04/2018) - Peter Y. A. Ryan
Name of the research project :
PRIDE15
Funders :
FNR - Fonds National de la Recherche [LU]
Commentary :
This work was supported by the Luxembourg National Research Fund through grant PRIDE15/10621687/SPsquared and under CORE project AToMS (Project ID 8293135).
Available on ORBilu :
since 23 May 2019

Statistics


Number of views
201 (21 by Unilu)
Number of downloads
200 (14 by Unilu)
