Darmstadt University of Technology
The authors continue the recent trend in cryptography of studying protocol design in the presence of tamper-proof hardware tokens. They present a very efficient protocol for password-based authenticated key exchange based on the weak model of one-time memory tokens, recently introduced by Goldwasser et al. (Crypto 2008). Their protocol requires only four moves and very basic operations, and the sender sends l tokens in the first step for passwords of length l. At the same time, they achieve information-theoretic security in Canetti's universal composition framework (FOCS 2001) against adaptive adversaries (assuming reliable erasure), even if the tokens are not guaranteed to be transferred in an authenticated way, i.e., even if the adversary can read or substitute transmitted tokens (as opposed to many previous efforts).