Tightly-Secure PAK(E) [chapter]

José Becerra, Vincenzo Iovino, Dimiter Ostrev, Petra Šala, Marjan Škrobot
2018 Lecture Notes in Computer Science  
We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete security. Our proof is the first to show that the PAK protocol can provide meaningful security guarantees for values of the parameters typical in today's world. A detailed description of the FtG model of Bellare, Pointcheval and Rogaway [7] can be found in Section 4. 5 The advantage is twice the
more » ... success probability minus one. 6 By success we mean guessing the password of any user. 10 We refer to [35, Figure 4 ] for an estimation of the advantage of online dictionary attacks as a function of the number of guesses for two real-world password datasets. Cryptographic building blocks Let G 1 , G T be cyclic groups of prime order q and g a generator of G 1 . Definition 1. A bilinear map is a function e : G 1 × G 1 → G T such that the following properties are satisfied:
doi:10.1007/978-3-030-02641-7_2 fatcat:fwm55pakffhczmf6cwr4npj55i