, AKE authenticated key exchange. 2, 8, 58, vol.85, p.86

, CDH computationnal Diffie-Hellman, vol.10, p.79

, CRS common reference string, vol.18, p.48

, CS commitment scheme, vol.12, p.83

. Ddh-decisional-diffie-hellman, , vol.10, p.77

, ECC error-correcting code

E. , existencially unforgeable under adaptive chosen message attack. 40 fPAKE fuzzy password authenticated key exchange, vol.48, p.91

, HAKE human authenticated key exchange. x, 4, 11, vol.49, p.91

, HCFF human-compatible function family. x, vol.66, p.87

, IC ideal cipher, vol.10, p.74

, IND-CPA indistinguishability under chosen plaintext attacks, p.15

, liPAKE labeled implicit-only password authenticated key exchange. 5, 22, 23, 39, 42, 48 MDS maximum distance separable, p.40

, PKI public-key infrastructure, vol.2, p.86

, RO random oracle, vol.18, p.48

, RP-CSP random planted constraint satisfiability problem, vol.54, p.56

, RSS robust secret sharing. 3-5, vol.46, pp.38-41

, UC universal composability. ix, vol.3, p.91

. .. , Ideal Functionality F H pake for PAKE (recalled from [CHK+05])

. .. , Ideal Functionality F pake for PAKE (simplified from F H pake ), p.10

F. Functionality and . .. Crs,

F. Functionality and . .. Ro,

F. Functionality and . .. Ic,

. .. Functionality-f-ipake,

. .. Functionality-f-lipake,

E. Protocol, with a hash function H : {0, 1} ? ×{0, 1} ? ×G ? {0, 1} ? and a symmetric cipher E : G ? {0, 1} ? , D : {0, 1} * ? G for keys in P

. , Game G 1 (right), showing a setting where P 1?i is corrupted

, The Simulator S for the EKE2 Protocol indistinguishability from F liPAKE, vol.34

.. .. Ideal-functionality-f-fpake-for-fpake,

, A Modified TestPwd Interface to Allow for Different Leakage, p.37

, A First Natural Construction (with code-offset fuzzy sketch and PAKE), p.38

. , Game G 1 (right), showing a setting where both parties are honest

T. Simulator and .. .. ,

, Graph of the sequential oracle calls in the ?-unforgeability experiment, p.51

. , 1 Performance of the Time-Based HAKE

M. Abdalla, F. Benhamouda, O. Blazy, C. Chevalier, and D. Pointcheval, SPHF-Friendly Non-interactive Commitments, ASIACRYPT 2013, Part I, vol.8269, pp.214-234, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00915542

M. Abdalla, F. Bourse, A. D. Caro, and D. Pointcheval, Simple Functional Encryption Schemes for Inner Products, PKC 2015
URL : https://hal.archives-ouvertes.fr/hal-01108287

J. Katz, LNCS. Springer, vol.9020, pp.733-751, 2015.

M. Abdalla, D. Catalano, C. Chevalier, and D. Pointcheval, Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework, Tal Malkin, vol.4964, pp.335-351, 2008.
URL : https://hal.archives-ouvertes.fr/inria-00419157

M. Abdalla, C. Chevalier, and D. Pointcheval, Smooth Projective Hashing for Conditionally Extractable Commitments, LNCS, vol.5677, p.10, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00419145

M. Abdalla and D. Pointcheval, Simple Password-Based Encrypted Key Exchange Protocols, CT-RSA 2005, vol.3376, p.83, 2005.

J. Blocki, M. Blum, A. Datta, and S. Vempala, Towards Human Computable Passwords, ITCS 2017, vol.4266, pp.53-57, 2017.

A. Boldyreva, S. Chen, P. Dupont, and D. Pointcheval, Human Computing for Handling Strong Corruptions in Authenticated Key Exchange, 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp.159-175, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01628797

B. Barak, R. Canetti, Y. Lindell, R. Pass, and T. Rabin, Secure Computation Without Authentication, CRYPTO 2005. Ed. by Victor Shoup, vol.3621, p.41, 2005.

X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, Secure Remote Authentication Using Biometric Data, EUROCRYPT 2005, vol.3494, p.38, 2005.

M. Steven, M. Bellovin, and . Merritt, Encrypted Key Exchange: PasswordBased Protocols Secure against Dictionary Attacks, 1992 IEEE Symposium on Security and Privacy, pp.72-84, 1992.

V. Boyko, P. D. Mackenzie, and S. Patel, Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, EUROCRYPT 2000, vol.1807, pp.156-171, 2000.

M. Bellare and C. Namprempre, Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm, LNCS, vol.1976, pp.531-545, 2000.

M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko, The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme, Journal of Cryptology, vol.16, issue.3, p.50, 2003.

X. Boyen, Reusable Cryptographic Fuzzy Extractors, ACM CCS 04, pp.82-91, 2004.

M. Bellare, D. Pointcheval, and P. Rogaway, Authenticated Key Exchange Secure against Dictionary Attacks, EUROCRYPT 2000, vol.1807, pp.58-60, 2000.

M. Bellare and P. Rogaway, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, ACM CCS 93, p.14, 1993.

R. Canetti, Universally Composable Security: A New Paradigm for Cryptographic Protocols, 42nd FOCS, pp.136-145, 2001.

R. Canetti, Obtaining Universally Compoable Security: Towards the Bare Bones of Trust (Invited Talk)". In: ASIACRYPT, Kaoru Kurosawa, vol.4833, pp.88-112, 2007.

R. Cramer, N. Ivan-bjerre-damgård, S. Döttling, G. Fehr, and . Spini, Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions, EUROCRYPT 2015, Part II, vol.9057, p.16, 2015.
DOI : 10.1007/978-3-662-46803-6_11
URL : https://hal.archives-ouvertes.fr/hal-01413262

R. Canetti and M. Fischlin, Universally Composable Commitments, CRYPTO 2001, vol.2139, p.14, 2001.

R. Canetti, S. Halevi, J. Katz, Y. Lindell, and P. D. Mackenzie, Universally Composable Password-Based Key Exchange, EUROCRYPT 2005, vol.3494, p.41, 2005.
DOI : 10.1007/11426639_24
URL : https://link.springer.com/content/pdf/10.1007%2F11426639_24.pdf

J. Coron, J. Patarin, and Y. Seurin, The Random Oracle Model and the Ideal Cipher Model Are Equivalent, 2008.
DOI : 10.1007/978-3-540-85174-5_1
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-85174-5_1.pdf

E. By-david and . Wagner, LNCS. Springer, vol.5157, p.74, 2008.

R. Cramer, LNCS, vol.3494, 2005.

W. Diffie and M. E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol.22, p.23, 1976.

P. Dupont, J. Hesse, D. Pointcheval, L. Reyzin, and S. Yakoubov, Fuzzy Password-Authenticated Key Exchange
URL : https://hal.archives-ouvertes.fr/hal-01903733

, LNCS, vol.10822, pp.393-424, 2018.

P. , A. Dupont, and D. Pointcheval, Functional Encryption with Oblivious Helper, pp.205-214, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01470375

Y. Dodis, L. Reyzin, and A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, LNCS, vol.3027, pp.523-540, 2004.

Y. Dai and J. P. Steinberger, Indifferentiability of 8-Round Feistel Networks, CRYPTO 2016, Part I, vol.9814, p.74, 2016.

S. V. Eduarda, J. Freire, D. Hesse, and . Hofheinz, Universally Composable Non-Interactive Key Exchange, LNCS, vol.8642, p.42, 2014.

M. Fischlin, B. Libert, and M. Manulis, Non-interactive and Reusable Universally Composable String Commitments with Adaptive Security, ASIACRYPT 2011, vol.7073, p.14, 2011.

V. Feldman, W. Perkins, and S. Vempala, On the Complexity of Random Satisfiability Problems with Planted Solutions, ACM STOC, p.47

T. Holenstein, R. Künzler, and S. Tessaro, The equivalence of the random oracle model and the ideal cipher model, revisited, p.74, 2011.

D. Hofheinz and J. Müller-quade, Universally Composable Commitments Using Random Oracles, LNCS, vol.2951, pp.58-76, 2004.

A. Juels and M. Wattenberg, A Fuzzy Commitment Scheme, ACM CCS 99, vol.40, p.38, 1999.

J. Katz and V. Vaikuntanathan, Round-Optimal Password-Based Authenticated Key Exchange, TCC 2011, vol.6597, p.48, 2011.

J. Robert, D. V. Mceliece, and . Sarwate, On Sharing Secrets and Reed-Solomon Codes, Communications of the ACM, vol.24, p.18, 1981.

B. Preneel, LNCS, vol.1807, 2000.

G. Kenneth, D. Paterson, and . Stebila, One-Time-Password-Authenticated Key Exchange, LNCS, vol.6168, p.62, 2010.

P. Rogaway, M. Bellare, J. Black, and T. Krovetz, OCB: A BlockCipher Mode of Operation for Efficient Authenticated Encryption, ACM CCS 01, p.15, 2001.

R. M. Roth, Introduction to coding theory, p.15, 2006.

. Rsa-securid-hardware-tokens and . Security, , vol.75, p.53

V. Shoup, A Proposal for an ISO Standard for Public Key Encryption, Cryptology ePrint Archive, p.22, 2001.