BEGIN:VCALENDAR VERSION:2.0 PRODID:-//talks.cam.ac.uk//v3//EN BEGIN:VTIMEZONE TZID:Europe/London BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:19700329T010000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:19701025T020000 RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT CATEGORIES:Computer Laboratory Security Seminar SUMMARY:Owl - an augmented password-authenticated key exch ange protocol - Feng Hao\, University of Warwick DTSTART;TZID=Europe/London:20240220T140000 DTEND;TZID=Europe/London:20240220T150000 UID:TALK211117AThttp://talks.cam.ac.uk URL:http://talks.cam.ac.uk/talk/index/211117 DESCRIPTION:In this talk\, I will first review three decades o f research in the field of password-authenticated key exchange (PAKE). PAKE protocols can be categor ized into two types: balanced and augmented scheme s. I will share my experience of designing a balan ced PAKE called J-PAKE in 2008 (joint work with Ry an). Today\, J-PAKE has been deployed in many real -world applications\, e.g.\, Google Nest\, ARM Mbe d\, Amazon Fire stick and Thread products.\n \nNex t\, I will focus on augmented PAKE\, which is a di fferent challenge. Today\, SRP-6a is the only augm ented PAKE that has enjoyed wide use\, e.g.\, in A pple's iCloud\, 1Password and Proton mail. Limitat ions of SRP-6a\, such as heuristic security\, a la ck of efficiency (due to the mandated use of a saf e prime) and a lack of support for elliptic curve implementations are well-known\, but for the past 25 years\, there seems to be no better alternative . In 2020\, IETF chose OPAQUE as an augmented PAKE standard\, but open issues leave it unclear wheth er OPAQUE will replace SRP-6a.\n \nFinally\, I wil l present Owl\, a new augmented PAKE (joint work w ith Bag\, Chen and van Oorshot\; see https://eprin t.iacr.org/2023/768). Owl is obtained by efficient ly adapting J-PAKE to an augmented setting. While J-PAKE is symmetric\, Owl is asymmetric. Both prot ocols follow the same design principle but they ar e suitable for different applications. I will show that Owl is systematically better than SRP-6a in every aspect\, including security computation\, co mmunication\, message sizes and cryptographic agil ity. Owl is also free from several security and im plementation issues faced by OPAQUE.\n\nhttps://ca m-ac-uk.zoom.us/j/88950422934?pwd=WHJsSklROW90YVVx bndQYTlJTERIUT09\n\nMeeting ID: 889 5042 2934\nPas scode: 853480\n\nRECORDING : Please note\, this ev ent will be recorded and will be available after t he event for an indeterminate period under a CC BY -NC-ND license. Audience members should bear this in mind before joining the webinar or asking ques tions.\n\nNOTE: Please do not post URLs for the ta lk\, and especially Zoom links to Twitter because automated systems will pick them up and disrupt ou r meeting. LOCATION:Webinar &\; FW11\, Computer Laboratory\, Willia m Gates Building. CONTACT:Hridoy Sankar Dutta END:VEVENT END:VCALENDAR