Journal of Engineering and Applied Sciences

Year: 2018
Volume: 13
Issue: 15
Page No. 6211 - 6219

Insecure Instantiations of Random Oracles in Password-Based Key Exchange Protocols

Authors : Juryon Paik

Abstract: Protocols for Password-based Authenticated Key Exchange (PAKE) allow users to generate a shared secret key from their easy-to-remember passwords but at the same time have to protect the user’s passwords from the notorious dictionary attacks. PAKE protocols often use a hash function that maps user passwords into elements of the underlying cyclic group G generated by an arbitrary fixed element g,G. Such a hash function is usually modelled as a random oracle G in proofs of security of protocols. One obvious way of instantiating the random oracle G is to use a random oracle H: {0, 1}*→Zq and then define G(.) = gH(,). However, we argue that this obvious instantiation of G is likely to result in a critical vulnerability for most of PAKE protocols. In the present research, we provide a strong evidence in support of this argument by showing that two popular protocols-Bresson two-party PAKE protocol and Abdalla and Pointcheval’s three-party PAKE protocol-become susceptible to an offline dictionary attack as soon as G is instantiated as G (.) = gH(,). Our result suggests that designers of PAKE protocols should clearly specify how G can be securely instantiated for their protocols in order to prevent protocol implementers from employing an insecure instantiation of G.

How to cite this article:

Juryon Paik , 2018. Insecure Instantiations of Random Oracles in Password-Based Key Exchange Protocols. Journal of Engineering and Applied Sciences, 13: 6211-6219. Asian Journal of Information Technology, 18: 250-260.

Design and power by Medwell Web Development Team. © Medwell Publishing 2020 All Rights Reserved