Efficient module learning with errors-based post-quantum password-authenticated key exchange

Abstract

Password-authenticated key exchange (PAKE) is a cryptographic primitive that can establish secure remote communications between the client and the server, especially with the advantage of amplifying memorable passwords into strong session keys. However, the arrival of the quantum computing era has brought new challenges to traditional PAKE protocols. Thus, designing an efficient post-quantum PAKE scheme becomes an open research question. In this paper, the authors construct a quantum-safe PAKE protocol, which is a horizontal extension of the password-authenticated key (PAK) protocol in the field of module lattices. Subsequently, the authors accompany the proposed protocol with a rigorous security proof in the random oracle model with two adaptions: applying the CDF-Zipf model to characterise the ability of the adversary and using the pairing with errors assumption to simplify the proof. Taking the flexibility of the module learning with errors (MLWE) problem, the authors elaborately select three parameter sets to meet different application scenarios. Specifically, the authors’ Recommended-PAKE implementation achieves 177-bit post-quantum security with a generous margin to cope with later improvement in cryptanalysis. The performance results indicate that the authors’ MLWE-PAKE is quite practical: compared with the latest Yang-PAK, the authors’ Recommended-PAK reduces the communication cost and the running time by 36.8% and 13.8%, respectively.