HPAKE : Password Authentication Secure Against Cross-Site User Impersonation

By Xavier Boyen.

In Cryptology And Network Security (CANS 2009), volume 5888 of Lecture Notes in Computer Science, pages 279-298. Springer, 2009.


We propose a new kind of asymmetric mutual authentication from passwords with stronger privacy against malicious servers, lest they be tempted to engage in "cross-site user impersonation" to each other.

It enables a person to authenticate (with) arbitrarily many independent servers, over adversarial channels, using a memorable and reusable single short password. Besides the usual PAKE security guarantees, our framework goes to lengths to secure the password against brute-force cracking from privileged server information.


- published paper (PS) (PDF) © Springer-Verlag
- author's version (PS) (PDF)
- presentation slides (HTML)


  author = {Xavier Boyen},
  title = {HPAKE : Password Authentication Secure Against Cross-Site User Impersonation},
  booktitle = {Cryptology And Network Security---CANS 2009},
  series = {Lecture Notes in Computer Science},
  volume = {5888},
  pages = {279--298},
  publisher = {Berlin: Springer-Verlag},
  year = {2009},
  note = {Available at \url{http://www.cs.stanford.edu/~xb/cans09/}}

Unless indicated otherwise, these documents are Copyright © Xavier Boyen; all rights reserved in all countries.