Achieving One-Round Password-Based Authenticated Key Exchange over Lattices

Password-based authenticated key exchange (PAKE) protocol allows protocol participants to establish a high entropy session key by pre-sharing a low-entropy password. Katz and Vaikuntanathan (ASIACRYPT'09) used a one-round smooth projective hash function (SPHF) over lattices to design a three-round PAKE protocol. Zhang and Yu (AISACRYPT'17) improved Katz-Vaikuntanatha's scheme by proposing a two-round PAKE with NIZK proofs, but how to construct a lattice-based simulation-sound NIZK remains an open research question. Benhamouda et al. followed the framework of Katz and Vaikuntananthan (TCC'11) and proposed a one-round PAKE via trapdoor-SPHF, but their scheme was based on conventional DDH assumption. In other words, how to design a one-round PAKE via an efficient lattice-based SPHF still remains a challenge. In this paper, we attempt to fill this gap by first proposing a new IND-CCA-secure lattice-based SPHF based on the work of Benhamouda et al. (PKC'18), and then using the proposed SPHF to construct a one-round PAKE protocol. We then prove the security of the proposed protocol. We also explore the possibilities of constructing two-round PAKE, three-round PAKE and universal composable security from our SPHF, and show the potential application of our PAKE in the Internet of Things where communication cost is the main consideration.