Port pqARKG-H msKS security proof to LaTeX
Showing
6 changed files
with
571 additions
and
201 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
!pqarkg-h.pdf | ||
*.aux | ||
*.bbl | ||
*.bcf | ||
*.blg | ||
*.fdb_* | ||
*.fls | ||
*.log | ||
*.out | ||
*.run.xml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
all: pqarkg-h.pdf | ||
|
||
auto: | ||
ls -1 | entr make pqarkg-h.pdf | ||
|
||
force: clean all | ||
|
||
clean: | ||
rm -f *.aux *.log *.out *.pdf | ||
|
||
%.pdf: %.tex %.bib | ||
latexmk -pdf pqarkg-h |
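Review bot: The recipe under `%.pdf: %.tex %.bib` hard-codes the document name, so any other `.pdf` target matched by the pattern would rebuild pqarkg-h rather than itself; `latexmk -pdf $*` keeps the recipe in step with the pattern. The `clean` recipe removes `*.pdf`, which includes `pqarkg-h.pdf`, a file the .gitignore in this commit explicitly un-ignores and which therefore appears to be tracked. It also leaves behind the other build products that .gitignore lists; if the PDF is meant to stay, `rm -f *.aux *.bbl *.bcf *.blg *.fdb_* *.fls *.log *.out *.run.xml` would match the ignore list. None of `all`, `auto`, `force` or `clean` produces a file, so a `.PHONY: all auto force clean` line would stop a stray file with one of those names from masking the target.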
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
@online{ARKG, | ||
author = {Lundberg, Emil and Bradley, John}, | ||
title = {The Asynchronous Remote Key Generation (ARKG) algorithm}, | ||
url = {https://www.ietf.org/archive/id/draft-bradleylundberg-cfrg-arkg-03.html}, | ||
addendum = "Version 03", | ||
year = 2025 | ||
} | ||
|
||
@inproceedings{Frymann2020, | ||
author = {Frymann, Nick and Gardham, Daniel and Kiefer, Franziskus and Lundberg, Emil and Manulis, Mark and Nilsson, Dain}, | ||
title = {Asynchronous Remote Key Generation: An Analysis of Yubico's Proposal for W3C WebAuthn}, | ||
year = {2020}, | ||
isbn = {9781450370899}, | ||
publisher = {Association for Computing Machinery}, | ||
address = {New York, NY, USA}, | ||
url = {https://doi.org/10.1145/3372297.3417292}, | ||
doi = {10.1145/3372297.3417292}, | ||
abstract = {WebAuthn, forming part of FIDO2, is a W3C standard for strong authentication, which employs digital signatures to authenticate web users whilst preserving their privacy. Owned by users, WebAuthn authenticators generate attested and unlinkable public-key credentials for each web service to authenticate users. Since the loss of authenticators prevents users from accessing web services, usable recovery solutions preserving the original WebAuthn design choices and security objectives are urgently needed. We examine Yubico's recent proposal for recovering from the loss of a WebAuthn authenticator by using a secondary backup authenticator. We analyse the cryptographic core of their proposal by modelling a new primitive, called Asynchronous Remote Key Generation (ARKG), which allows some primary authenticator to generate unlinkable public keys for which the backup authenticator may later recover corresponding private keys. Both processes occur asynchronously without the need for authenticators to export or share secrets, adhering to WebAuthn's attestation requirements. We prove that Yubico's proposal achieves our ARKG security properties under the discrete logarithm and PRF-ODH assumptions in the random oracle model. To prove that recovered private keys can be used securely by other cryptographic schemes, such as digital signatures or encryption schemes, we model compositional security of ARKG using composable games by Brzuska et al. (ACM CCS 2011), extended to the case of arbitrary public-key protocols. As well as being more general, our results show that private keys generated by ARKG may be used securely to produce unforgeable signatures for challenge-response protocols, as used in WebAuthn. We conclude our analysis by discussing concrete instantiations behind Yubico's ARKG protocol, its integration with the WebAuthn standard, performance, and usability aspects.}, | ||
booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, | ||
pages = {939–954}, | ||
numpages = {16}, | ||
keywords = {webauthn, web authentication, key generation, composability}, | ||
location = {Virtual Event, USA}, | ||
series = {CCS '20} | ||
} | ||
|
||
@online{HDK, | ||
author = {Dijkhuis, Sander}, | ||
title = {Hierarchical Deterministic Keys}, | ||
url = {https://www.ietf.org/archive/id/draft-dijkhuis-cfrg-hdkeys-06.html}, | ||
addendum = "Version 06", | ||
year = 2025 | ||
} | ||
|
||
@online{webauthn, | ||
author = {Balfanz, Dirk and Bharadwaj, Vijay and Birgisson, Arnar and Cappalli, Tim and Czeskis, Alexei and Hodges, Jeff and Jones, J.C. and Jones, Michael B. and Kumar, Akshay and Le Van Gong, Hubert and Liao, Angelo and Lindemann, Rolf and Lundberg, Emil and Miller, Matthew}, | ||
title = {Web Authentication: An API for accessing Public Key Credentials}, | ||
url = {https://www.w3.org/TR/2025/WD-webauthn-3-20250127/}, | ||
addendum = "Level 3 working draft", | ||
year = 2025 | ||
} | ||
|
||
@online{webauthn-sign, | ||
author = {Lundberg, Emil}, | ||
title = {Add "sign" extension}, | ||
url = {https://github.com/w3c/webauthn/pull/2078}, | ||
addendum = "W3C Web Authentication issue tracker, accessed 2025-01-31", | ||
year = 2024 | ||
} | ||
|
||
@masterthesis{Wilson, | ||
author = {Wilson, Spencer MacLaren}, | ||
title = {Post-Quantum Account Recovery for Passwordless Authentication}, | ||
url = {https://uwspace.uwaterloo.ca/items/d1f73f71-e3b2-438c-b261-11632becdbb2}, | ||
year = 2023 | ||
} |
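Review bot: `@masterthesis` on the Wilson entry is not an entry type that BibTeX or biblatex defines, so it will most likely fall back to a generic type with a warning instead of being formatted as a thesis. Use `@mastersthesis` (or `@thesis` with `type = {mathesis}`) and add the `institution` field that type requires. The access date for webauthn-sign is written into `addendum`; since the file already uses biblatex fields, `urldate = {2025-01-31}` records it in a form the style can format, which matters for a pull-request URL whose content can change. In Frymann2020, `pages = {939–954}` uses a literal en dash where `939--954` is the portable form, and `url` only repeats the resolver form of the `doi`.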
Binary file not shown.