New Smooth Projective Hash Functions and One-Round Authenticated Key Exchange

Password-Authenticated Key Exchange (PAKE) has received deep attention in the last few years, with a recent improvement by Katz and Vaikuntanathan, and their one-round protocols: the two players just have to send simultaneous ows to each other, that depend on their own passwords only, to agree on a shared high entropy secret key. To this aim, they followed the Gennaro and Lindell's approach, with a new kind of Smooth-Projective Hash Functions (SPHFs). They came up with the rst concrete one-round PAKE, secure in the Bellare, Pointcheval, and Rogaway's model, but at the cost of a simulation-sound NIZK, which makes the overall construction not really e cient. This paper follows their path with a new e cient instantiation of SPHF on Cramer-Shoup ciphertexts. It then leads to the design of the most e cient PAKE known so far: a one-round PAKE with two simultaneous ows consisting of 6 group elements each only, in any DDH-group without any pairing. We thereafter show a generic construction for SPHFs, in order to check the validity of complex relations on encrypted values. This allows to extend this work on PAKE to the more general family of protocols, termed Langage-Authenticated Key Exchange (LAKE) by Ben Hamouda, Blazy, Chevalier, Pointcheval, and Vergnaud, but also to blind signatures. We indeed provide the most e cient blind Waters' signature known so far.