A Secure Remote Password Protocol From The Learning With Errors Problem

TL;DR

This paper introduces a quantum-resistant version of the Secure Remote Password protocol based on the learning with errors problem, ensuring security against quantum attacks while preserving the original protocol's features.

Contribution

It proposes a novel post-quantum SRP protocol derived from LWE, with rigorous security proofs and analysis, enhancing security in the quantum era.

Findings

The new protocol is resistant to known quantum attacks.

It maintains the security features of the original SRP.

Rigorous proofs confirm the protocol's correctness and security.

Abstract

Secure Remote Password (SRP) protocol is an essential password-authenticated key exchange (PAKE) protocol based on the discrete logarithm problem (DLP). The protocol is specifically designed to obtain a session key and it has been widely used in various scenarios due to its attractive security features. In the SRP protocol, the server is not required to save any data directly associated with passwords. And this makes attackers who manage to corrupt the server fail to impersonate the client unless performing a brute-force search for the password. However, the development of quantum computing has potentially made classic DLP-based public-key cryptography schemes not secure, including the SRP protocol. So it is significant to design a quantum-resistant SRP protocol. In this paper, based on the original scheme, we propose a post-quantum SRP protocol from the learning with errors (LWE) problem. And we give rigorous proof and analyses on the correctness and security of the scheme. Besides being resistant to known quantum attacks, it maintains the various secure qualities of the original protocol.