BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Talks.cam//talks.cam.ac.uk// X-WR-CALNAME:Talks.cam BEGIN:VEVENT SUMMARY:Owl - an augmented password-authenticated key exchange protocol - Feng Hao\, University of Warwick DTSTART:20240220T140000Z DTEND:20240220T150000Z UID:TALK211117@talks.cam.ac.uk CONTACT:Hridoy Sankar Dutta DESCRIPTION:In this talk\, I will first review three decades of research i n the field of password-authenticated key exchange (PAKE). PAKE protocols can be categorized into two types: balanced and augmented schemes. I will share my experience of designing a balanced PAKE called J-PAKE in 2008 (jo int work with Ryan). Today\, J-PAKE has been deployed in many real-world a pplications\, e.g.\, Google Nest\, ARM Mbed\, Amazon Fire stick and Thread products.\n \nNext\, I will focus on augmented PAKE\, which is a differen t challenge. Today\, SRP-6a is the only augmented PAKE that has enjoyed wi de use\, e.g.\, in Apple's iCloud\, 1Password and Proton mail. Limitations of SRP-6a\, such as heuristic security\, a lack of efficiency (due to the mandated use of a safe prime) and a lack of support for elliptic curve im plementations are well-known\, but for the past 25 years\, there seems to be no better alternative. In 2020\, IETF chose OPAQUE as an augmented PAKE standard\, but open issues leave it unclear whether OPAQUE will replace S RP-6a.\n \nFinally\, I will present Owl\, a new augmented PAKE (joint work with Bag\, Chen and van Oorshot\; see https://eprint.iacr.org/2023/768). Owl is obtained by efficiently adapting J-PAKE to an augmented setting. Wh ile J-PAKE is symmetric\, Owl is asymmetric. Both protocols follow the sam e design principle but they are suitable for different applications. I wil l show that Owl is systematically better than SRP-6a in every aspect\, inc luding security computation\, communication\, message sizes and cryptograp hic agility. Owl is also free from several security and implementation iss ues faced by OPAQUE.\n\nhttps://cam-ac-uk.zoom.us/j/88950422934?pwd=WHJsSk lROW90YVVxbndQYTlJTERIUT09\n\nMeeting ID: 889 5042 2934\nPasscode: 853480\ n\nRECORDING : Please note\, this event will be recorded and will be avail able after the event for an indeterminate period under a CC BY -NC-ND lice nse. Audience members should bear this in mind before joining the webinar or asking questions.\n\nNOTE: Please do not post URLs for the talk\, and e specially Zoom links to Twitter because automated systems will pick them u p and disrupt our meeting. LOCATION:Webinar &\; FW11\, Computer Laboratory\, William Gates Buildin g. END:VEVENT END:VCALENDAR