
Department of Computer Science and Technology

Date: Tuesday, 20 February, 2024 - 14:00 to 15:00
Speaker: Feng Hao, University of Warwick
Venue: Webinar & FW11, Computer Laboratory, William Gates Building.

In this talk, I will first review three decades of research in the field of password-authenticated key exchange (PAKE). PAKE protocols can be categorized into two types: balanced and augmented schemes. I will share my experience of designing a balanced PAKE called J-PAKE in 2008 (joint work with Ryan). Today, J-PAKE has been deployed in many real-world applications, e.g., Google Nest, ARM Mbed, Amazon Fire stick and Thread products.

Next, I will focus on augmented PAKE, which is a different challenge. Today, SRP-6a is the only augmented PAKE that has enjoyed wide use, e.g., in Apple's iCloud, 1Password and Proton Mail. Limitations of SRP-6a, such as heuristic security, a lack of efficiency (due to the mandated use of a safe prime) and a lack of support for elliptic curve implementations, are well known, but for the past 25 years, there seems to be no better alternative. In 2020, IETF chose OPAQUE as an augmented PAKE standard, but open issues leave it unclear whether OPAQUE will replace SRP-6a.

Finally, I will present Owl, a new augmented PAKE (joint work with Bag, Chen and van Oorschot; see https://eprint.iacr.org/2023/768). Owl is obtained by efficiently adapting J-PAKE to an augmented setting. While J-PAKE is symmetric, Owl is asymmetric. Both protocols follow the same design principle, but they are suitable for different applications. I will show that Owl is systematically better than SRP-6a in every aspect, including security, computation, communication, message sizes and cryptographic agility. Owl is also free from several security and implementation issues faced by OPAQUE.

https://cam-ac-uk.zoom.us/j/88950422934?pwd=WHJsSklROW90YVVxbndQYTlJTERIUT09

Meeting ID: 889 5042 2934
Passcode: 853480

RECORDING: Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.

NOTE: Please do not post URLs for the talk, and especially Zoom links, to Twitter because automated systems will pick them up and disrupt our meeting.

Seminar series: Security Seminar
