Permutation-Based Hash Chains with Application to Password Hashing

Permutation-Based Hash Chains with Application to Password Hashing

Blog Article

Hash chain based password systems are a useful way to guarantee authentication with one-time passwords.The core idea dates back to Lamport, and is specified in RFC 1760 as S/Key.At CCS 2017, Kogan et al.

introduced T/Key, an improved password system where one-time passwords are only valid for a limited time period.They proved security of their construction in the random oracle model under a basic modeling of the adversary.In this work, we make various advances in the analysis and instantiation of hash chain based password systems.

Firstly, we describe a slight abstraction called U/Key that allows for more flexibility in the instantiation and analysis, orb grinder and we develop a security model that refines the adversarial strength into offline and online complexity, that can be used beyond the random oracle model, and that allows to argue multi-user security directly.Secondly, we derive a new security proof of U/Key in the random oracle model, as well as dedicated and tighter security proofs of U/Key instantiated with a sponge construction and a truncated permutation.These dedicated security proofs, in turn, solve a problem of understanding the preimage resistance of a cascaded evaluation of the sponge construction.

When applied to T/Key, these results improve significantly over the earlier results: whereas the originally suggested instantiation using SHA-256 uses a compression function that maps 768 bits into 256 iphone 14 pramoxine bits, with a truncated permutation construction one can generically achieve 128 bits of security already with a permutation of size 256 bits.