University of Cambridge > > Computer Laboratory Security Seminar > Owl - an augmented password-authenticated key exchange protocol

Owl - an augmented password-authenticated key exchange protocol

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Hridoy Sankar Dutta.

In this talk, I will first review three decades of research in the field of password-authenticated key exchange (PAKE). PAKE protocols can be categorized into two types: balanced and augmented schemes. I will share my experience of designing a balanced PAKE called J-PAKE in 2008 (joint work with Ryan). Today, J-PAKE has been deployed in many real-world applications, e.g., Google Nest, ARM Mbed, Amazon Fire stick and Thread products.

Next, I will focus on augmented PAKE , which is a different challenge. Today, SRP -6a is the only augmented PAKE that has enjoyed wide use, e.g., in Apple’s iCloud, 1Password and Proton mail. Limitations of SRP -6a, such as heuristic security, a lack of efficiency (due to the mandated use of a safe prime) and a lack of support for elliptic curve implementations are well-known, but for the past 25 years, there seems to be no better alternative. In 2020, IETF chose OPAQUE as an augmented PAKE standard, but open issues leave it unclear whether OPAQUE will replace SRP -6a.

Finally, I will present Owl, a new augmented PAKE (joint work with Bag, Chen and van Oorshot; see Owl is obtained by efficiently adapting J-PAKE to an augmented setting. While J-PAKE is symmetric, Owl is asymmetric. Both protocols follow the same design principle but they are suitable for different applications. I will show that Owl is systematically better than SRP -6a in every aspect, including security computation, communication, message sizes and cryptographic agility. Owl is also free from several security and implementation issues faced by OPAQUE .

Meeting ID: 889 5042 2934 Passcode: 853480

RECORDING : Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY -NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.

NOTE : Please do not post URLs for the talk, and especially Zoom links to Twitter because automated systems will pick them up and disrupt our meeting.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2024, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity