Presentation

The OPAQUE Password Protocol: Authentication, Secret Retrieval, End-to-end security

October 16, 2024

Presenters

Hugo Krawczyk - Amazon Web Services, USA

Description

Abstract. In this talk, I will present the OPAQUE password protocol and some of its applications. OPAQUE is an asymmetric password-authenticated key exchange protocol (aPAKE) that supports mutual authentication in a client-server setting without relying on PKI and with security against pre-computation attacks upon server compromise. The protocol provides forward secrecy and the ability to hide the password from the server even during password registration. OPAQUE also acts as a secret retrieval protocol as required for backing up full-entropy secrets with applications to cryptocurrency wallets and end-to-end security. In particular, OPAQUE is implemented in WhatsApp and Facebook Messenger for their chat-history backup protocol and it is standardized by the IETF as the winner of its 2022 aPAKE competition.

This represents joint work with Stas Jarecki and Jiayu Xu (paper co-authors) and Daniel Bourdrez, Kevin Lewi and Chris Wood (Internet-draft co-editors).

Suggested readings: ia.cr/2018/163 (OPAQUE paper), https://datatracker.ietf.org/doc/draft-irtf-cfrg-opaque (OPAQUE internet draft)

Presented at

Crypto Reading Club talk on 2024-Oct-16

Parent Project

See: Crypto Reading Club

Related Topics

Security and Privacy: cryptography

Created September 25, 2024, Updated October 28, 2024