Hash chain based password systems are a useful way to guarantee authentication with one-time passwords. The core idea dates back to Lamport, and is specified in RFC 1760 as S/Key. At CCS 2017, Kogan et al. introduced T/Key, an improved password system where one-time passwords are only valid for a limited time period. They proved security of their construction in the random oracle model under a basic modeling of the adversary.
In this work, we make various advances in the analysis and instantiation of hash chain based password systems. Firstly, we describe a slight abstraction called U/Key that allows for more flexibility in the instantiation and analysis, and we develop a security model that refines the adversarial strength into offline and online complexity, that can be used beyond the random oracle model, and that allows one to argue multi-user security directly.
Secondly, we derive a new security proof of U/Key in the random oracle model, as well as dedicated and tighter security proofs of U/Key instantiated with a sponge construction and a truncated permutation. These dedicated security proofs, in turn, solve a problem of understanding the preimage resistance of a cascaded evaluation of the sponge construction.
When applied to T/Key, these results improve significantly over the earlier results: whereas the originally suggested instantiation using SHA-256 uses a compression function that maps 768 bits into 256 bits, with a truncated permutation construction one can generically achieve 128 bits of security already with a permutation of size 256 bits.
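Added example (not code from the paper): a simplified sketch of a time-bound hash chain of the kind the abstract describes, where each chain position has its own domain-separated hash and a password verifies only for its own time step. The index encoding, the names `h`, `password_at` and `Verifier`, and the sample salt and secret are assumptions made for illustration, not the T/Key or U/Key specification.

```python
import hashlib
import hmac

def h(salt: bytes, i: int, x: bytes) -> bytes:
    """Hash for chain position i, domain-separated by salt and index (assumed encoding)."""
    return hashlib.sha256(salt + i.to_bytes(4, "big") + x).digest()

def password_at(secret: bytes, salt: bytes, k: int, t: int) -> bytes:
    """Password for time step t: h_{t+1}(...h_k(secret)). t = 0 yields the server's anchor."""
    x = secret
    for i in range(k, t, -1):
        x = h(salt, i, x)
    return x

class Verifier:
    """Server side: stores only the last accepted chain value, never the secret."""
    def __init__(self, salt: bytes, anchor: bytes, k: int):
        self.salt, self.k = salt, k
        self.last_t, self.last_value = 0, anchor

    def verify(self, otp: bytes, now: int) -> bool:
        # Reject replays and stale passwords: the time step must move forward.
        if not (self.last_t < now <= self.k):
            return False
        # Walk from the current step back to the last accepted value.
        x = otp
        for i in range(now, self.last_t, -1):
            x = h(self.salt, i, x)
        if not hmac.compare_digest(x, self.last_value):
            return False
        self.last_t, self.last_value = now, otp
        return True

def demo() -> list:
    # Constructed sample values; a real deployment uses a random salt and secret.
    salt, secret, k = bytes(16), b"constructed-demo-secret", 20
    v = Verifier(salt, password_at(secret, salt, k, 0), k)
    p5 = password_at(secret, salt, k, 5)
    p9 = password_at(secret, salt, k, 9)
    return [
        v.verify(p5, 5),  # fresh password in its own time step
        v.verify(p5, 5),  # replay of the same password
        v.verify(p5, 6),  # captured password presented in a later step
        v.verify(p9, 9),  # skipped steps are fine, the chain is walked back
        v.verify(p5, 5),  # older password after a newer one was accepted
    ]

if __name__ == "__main__":
    print(demo())
```

Because the index is hashed in at every position, a password intercepted in one time step does not verify in any other, which is the time-limited property that distinguishes this from a plain S/Key-style chain.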