Explore a comprehensive analysis of the J-PAKE password-authenticated key exchange protocol in this 17-minute IEEE conference talk. Delve into the first proof of security for this widely-used protocol, which is part of the OpenSSL library. Examine how the proof addresses various security aspects, including online and offline password guessing, concurrent sessions, forward secrecy, server compromise, and loss of session keys. Learn about the protocol's reliance on the Decision Square Diffie-Hellman assumption and the security requirements for non-interactive zero-knowledge proofs. Discover how the Schnorr proof-of-knowledge protocol satisfies these security assumptions in a model with algebraic adversaries and random oracles. Finally, explore a proposed modification to the Schnorr protocol's recommended labels that results in a tighter security reduction for J-PAKE.
Overview
Syllabus
Security of the J-PAKE Password-Authenticated Key Exchange Protocol
Taught by
IEEE Symposium on Security and Privacy