Heterogeneous-PAKE: Bridging the Gap between PAKE Protocols and Their Real-World Deployment

Abstract

Two entities, who only share a password and communicate over an insecure channel, authenticate each other and agree on a large session key for protecting their subsequent communication. This is called the password-authenticated key exchange (PAKE) protocol. PAKE protocol has been considered a suitable substitute for the prevailing hash-based authentication which is vulnerable to various attacks. However, vendors are discouraged by both its prohibitively computational overheads as well as integrating costs, leading to its limited use since being proposed. After carefully analyzing the general workflow of PAKE protocols, we present Heterogeneous-PAKE, an entire PAKE stack with high-performance and compatibility for both client-side and server-side for Web systems. Using SRP and SPAKE2+ as case studies, we conduct a series of comprehensive experiments, especially comparing with the conventional hash-based solutions to evaluate the Heterogeneous-PAKE. The implementation harvests high throughput on the server-side with over 240k, 70k, 30k, and 1,650k operations per second for SRP-1024, SRP-1536, SRP-2048, and SPAKE2+ respectively. Meanwhile, on most testing platforms, the latency is well controlled within user-acceptable bounds, especially the SPAKE2+ whose delay is less than 3x that of a traditional authentication approach based on Bcrypt. The empirical results demonstrate that the Heterogeneous-PAKE is a very economical (with only a GPU-ready server) and convenient (with an easy-to-integrate software stack without user participation or database rebuilding) solution for upgrading existing systems with high-performance PAKE services.