
A Secure Remote Password Protocol From The Learning With Errors Problem

Huapeng Li, Baocheng Wang

TL;DR

The paper addresses the insecurity of classic SRP under quantum threats by replacing the underlying hard problem with Learning With Errors (LWE) to obtain a post-quantum SRP. It develops an LWE-based SRP using extended multi-instance LWE, incorporating a verifier constructed from a password and a random seed, and derives a common session key through a noisy LWE embedding complemented by a signal function $\boldsymbol{\sigma}$ and an extractor $\boldsymbol{\phi}$. A formal security proof in the Bellare–Parno–Rogaway (BPR) style is provided, along with a game-based argument that the adversary cannot distinguish real from random instances given decisional-LWE hardness and secure hash/KDF primitives. The scheme maintains the security properties of SRP, including resistance to password sniffing and dictionary attacks, while ensuring password secrecy even if the verifier is leaked, and offering independence across session keys. This work advances practical quantum-resistant PAKE building blocks with rigorous correctness and security analyses, suitable for deployment in environments demanding post-quantum security.
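The noisy LWE key agreement with a signal function σ and an extractor φ that the TL;DR names, as an added toy example (not the paper's code and not its exact protocol): it follows the Ding-style reconciliation, assumes toy parameters q = 4093 and n = 16 with a {-1, 0, 1} secret/error distribution, and omits the password/verifier binding of the SRP protocol. It shows why the server's one-bit hint lets both sides extract the same key bit even though their raw LWE values differ by a small even amount.

```python
import secrets

# Toy parameters (assumptions for this example, not the paper's): odd modulus q, dimension n.
Q = 4093
N = 16

def centered(v):
    """Representative of v mod Q in [-(Q-1)/2, (Q-1)/2]."""
    v %= Q
    return v - Q if v > (Q - 1) // 2 else v

def small():
    """Small secret/error coefficient in {-1, 0, 1} (toy error distribution)."""
    return secrets.randbelow(3) - 1

def sigma(v):
    """Signal function: 0 if the centered value lies in [-floor(Q/4), floor(Q/4)], else 1."""
    return 0 if abs(centered(v)) <= Q // 4 else 1

def phi(v, w):
    """Extractor: parity of v + w*(Q-1)/2, taken in the centered representation."""
    return centered(v + w * ((Q - 1) // 2)) % 2

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def lwe_share(A, s, e):
    """A*s + 2e mod Q; the error is doubled so the two final keys differ by an even amount."""
    return [(dot(row, s) + 2 * ei) % Q for row, ei in zip(A, e)]

def agree():
    """One run of the noisy key agreement; returns (client_bit, server_bit, |kC - kS|)."""
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(N)]   # public matrix
    sC, eC = [small() for _ in range(N)], [small() for _ in range(N)]
    sS, eS = [small() for _ in range(N)], [small() for _ in range(N)]
    pC = lwe_share(A, sC, eC)                       # client -> server: A sC + 2 eC
    At = [list(col) for col in zip(*A)]
    pS = lwe_share(At, sS, eS)                      # server -> client: A^T sS + 2 eS
    kS = (dot(pC, sS) + 2 * small()) % Q            # server: sC^T A^T sS + even noise
    kC = (dot(pS, sC) + 2 * small()) % Q            # client: sS^T A sC + even noise
    w = sigma(kS)                                   # server's one-bit hint, sent in the clear
    return phi(kC, w), phi(kS, w), abs(centered(kC - kS))
```

With these sizes the two raw keys differ by at most 2·(2n + 2) = 68, well under q/8, which is the condition under which φ with the hint σ(kS) returns the same bit on both sides.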

Abstract

The Secure Remote Password (SRP) protocol is an essential password-authenticated key exchange (PAKE) protocol based on the discrete logarithm problem (DLP). The protocol is specifically designed to obtain a session key, and it has been widely used in various scenarios due to its attractive security features. In the SRP protocol, the server is not required to save any data directly associated with passwords, and this makes attackers who manage to corrupt the server fail to impersonate the client unless they perform a brute-force search for the password. However, the development of quantum computing has potentially made classic DLP-based public-key cryptography schemes insecure, including the SRP protocol. So it is significant to design a quantum-resistant SRP protocol. In this paper, based on the original scheme, we propose a post-quantum SRP protocol from the learning with errors (LWE) problem, and we give rigorous proof and analyses of the correctness and security of the scheme. Besides being resistant to known quantum attacks, it maintains the various secure qualities of the original protocol.

Paper Structure

This paper contains 20 sections, 4 theorems, 9 equations and 4 figures.

Key Result

Theorem 1

(Indistinguishability of the decisional-LWE problem) For a given security parameter $\kappa \log q$, a hash function set denoted as $H: \{0, 1\}^n \to \{0, 1\}^*$ is difficult to invert with hardness $2^{-k}$. The indistinguishability is described as: for any super-polynomial where $\mathbf{A} \leftarrow \mathbb{Z}_{q}^{m \times n}$, $\boldsymbol{s} \leftarrow \mathbb{Z}_{q

Figures (4)

  • Figure 1: Diffie-Hellman key exchange.
  • Figure 2: Notions in the SRP protocol.
  • Figure 3: The original SRP protocol.
  • Figure 4: The LWE-based SRP protocol.

Theorems & Definitions (17)

  • Definition 1
  • Definition 2
  • Definition 3
  • Definition 4
  • Definition 5
  • Definition 6
  • Definition 7
  • Definition 8
  • Definition 9
  • Theorem 1