(. Sendterm,

S. ?-otherwise-;-c-s-,-s-s-)-=-(x-s, X. , and ·. , If Open

(. Sendserv(k and X. T. , Set the current timeframe t to be ? k S 's session timeframe

X. ?-z-p, S. S-?-g-x, and (. Get-c-s-?-genequivcommit,

(. Sendserv, Check whether Open

. ?-if-so and . Openequivcommit, pw t )), accept and output sk S = (X T ) x S . Additionally, if ? k S is fresh and c T was not oracle-generated, raise flag NOG-Com-OK

X. Sendterm-;-x-t-$-?-z-p and . T-?-g-x-t, Set the current timeframe t to be ? j T 's session timeframe and generate

AKE: authenticated key exchange

CDH: computational Diffie-Hellman

CRS: common reference string

CS: commitment scheme

DDH: decisional Diffie-Hellman

EUF-CMA: existentially unforgeable under adaptive chosen message attack

HCFF: human-compatible function family

IC: ideal cipher

IND-CPA: indistinguishability under chosen plaintext attacks

PAKE: password authenticated key exchange

PKI: public-key infrastructure

RO: random oracle

RP-CSP: random planted constraint satisfiability problem

RSS: robust secret sharing

UC: universal composability

Ideal Functionality F H pake for PAKE (recalled from [CHK+05])

Ideal Functionality F pake for PAKE (simplified from F H pake)

Functionality F CRS

Functionality F RO

Functionality F IC

Functionality F iPAKE

Functionality F liPAKE

E. Protocol, {0, 1} ? ×{0, 1} ? ×G ? {0, 1} ? and a symmetric cipher E : G ? {0, 1} ? , D : {0, 1} * ? G for keys in P

Game G 1 (right), showing a setting where P 1?i is corrupted

The Simulator S for the EKE2 Protocol indistinguishability from F liPAKE

Ideal Functionality F fPAKE for fPAKE

A Modified TestPwd Interface to Allow for Different Leakage

A First Natural Construction (with code-offset fuzzy sketch and PAKE)

Game G 1 (right), showing a setting where both parties are honest

T. Simulator and .. .. ,

Graph of the sequential oracle calls in the ?-unforgeability experiment

Confirmed HAKE Construction

Tables 5.1 Performance of the Time-Based HAKE

M. Abdalla, F. Benhamouda, O. Blazy, C. Chevalier, and D. Pointcheval, SPHF-Friendly Non-interactive Commitments, ASIACRYPT 2013, Part I, vol.8269, pp.214-234, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00915542

M. Abdalla, F. Bourse, A. D. Caro, and D. Pointcheval, Simple Functional Encryption Schemes for Inner Products, PKC 2015, vol.9020, pp.733-751, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01108287

M. Abdalla, D. Catalano, C. Chevalier, and D. Pointcheval, Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework, Ed. by Tal Malkin, vol.4964, pp.335-351, 2008.
URL : https://hal.archives-ouvertes.fr/inria-00419157

M. Abdalla, C. Chevalier, and D. Pointcheval, Smooth Projective Hashing for Conditionally Extractable Commitments, LNCS, vol.5677, p.10, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00419145

M. Abdalla and D. Pointcheval, Simple Password-Based Encrypted Key Exchange Protocols, CT-RSA 2005, vol.3376, p.83, 2005.
URL : https://hal.archives-ouvertes.fr/hal-02391456

J. Blocki, M. Blum, A. Datta, and S. Vempala, Towards Human Computable Passwords, ITCS 2017, vol.4266, pp.53-57, 2017.

A. Boldyreva, S. Chen, P. Dupont, and D. Pointcheval, Human Computing for Handling Strong Corruptions in Authenticated Key Exchange, 2017 IEEE 30th Computer Security Foundations Symposium (CSF), p.4, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01628797

B. Barak, R. Canetti, Y. Lindell, R. Pass, and T. Rabin, Secure Computation Without Authentication, CRYPTO 2005. Ed. by Victor Shoup, vol.3621, p.41, 2005.

X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, Secure Remote Authentication Using Biometric Data, EUROCRYPT 2005, vol.3494, p.38, 2005.

S. M. Bellovin and M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks, 1992 IEEE Symposium on Security and Privacy, pp.72-84, 1992.

V. Boyko, P. D. MacKenzie, and S. Patel, Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, EUROCRYPT, vol.1807, pp.156-171, 2000.

M. Bellare and C. Namprempre, Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm, LNCS, vol.1976, pp.531-545, 2000.

M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko, The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme, Journal of Cryptology, vol.16, issue.3, p.50, 2003.

X. Boyen, Reusable Cryptographic Fuzzy Extractors, ACM CCS 04, pp.82-91, 2004.

M. Bellare, D. Pointcheval, and P. Rogaway, Authenticated Key Exchange Secure against Dictionary Attacks, EUROCRYPT 2000, vol.1807, pp.58-60, 2000.

M. Bellare and P. Rogaway, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, ACM CCS 93, p.14, 1993.

R. Canetti, Universally Composable Security: A New Paradigm for Cryptographic Protocols, 42nd FOCS, pp.136-145, 2001.

R. Canetti, Obtaining Universally Compoable Security: Towards the Bare Bones of Trust (Invited Talk), ASIACRYPT. Ed. by Kaoru Kurosawa, vol.4833, pp.88-112, 2007.

R. Cramer, I. B. Damgård, N. Döttling, S. Fehr, and G. Spini, Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions, EUROCRYPT 2015, Part II, vol.9057, p.16, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01413262

R. Canetti and M. Fischlin, Universally Composable Commitments, LNCS, vol.2139, p.14, 2001.

R. Canetti, S. Halevi, J. Katz, Y. Lindell, and P. D. MacKenzie, Universally Composable Password-Based Key Exchange, EUROCRYPT 2005, vol.3494, p.41, 2005.

J.-S. Coron, J. Patarin, and Y. Seurin, The Random Oracle Model and the Ideal Cipher Model Are Equivalent. Ed. by David Wagner, LNCS, Springer, vol.5157, p.74, 2008.

R. Cramer, LNCS, vol.3494, 2005.

W. Diffie and M. E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol.22, p.23, 1976.

P. Dupont, J. Hesse, D. Pointcheval, L. Reyzin, and S. Yakoubov, Fuzzy Password-Authenticated Key Exchange, LNCS, vol.10822, pp.393-424, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01903733

P.-A. Dupont and D. Pointcheval, Functional Encryption with Oblivious Helper, pp.205-214, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01470375

Y. Dodis, L. Reyzin, and A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, EUROCRYPT 2004. Ed. by Christian Cachin and Jan Camenisch, vol.3027, pp.523-540, 2004.

Y. Dai and J. P. Steinberger, Indifferentiability of 8-Round Feistel Networks, CRYPTO 2016, Part I, vol.9814, p.74, 2016.

E. S. V. Freire, J. Hesse, and D. Hofheinz, Universally Composable Non-Interactive Key Exchange, LNCS, vol.8642, p.42, 2014.

M. Fischlin, B. Libert, and M. Manulis, Non-interactive and Reusable Universally Composable String Commitments with Adaptive Security, ASIACRYPT 2011, vol.7073, p.14, 2011.

V. Feldman, W. Perkins, and S. Vempala, On the Complexity of Random Satisfiability Problems with Planted Solutions, 47th ACM STOC, pp.77-86, 2015.

T. Holenstein, R. Künzler, and S. Tessaro, The equivalence of the random oracle model and the ideal cipher model, revisited, p.74, 2011.

D. Hofheinz and J. Müller-Quade, Universally Composable Commitments Using Random Oracles, LNCS, vol.2951, pp.58-76, 2004.

A. Juels and M. Wattenberg, A Fuzzy Commitment Scheme, ACM CCS 99, vol.40, p.38, 1999.

J. Katz and V. Vaikuntanathan, Round-Optimal Password-Based Authenticated Key Exchange, TCC 2011, vol.6597, p.48, 2011.

R. J. McEliece and D. V. Sarwate, On Sharing Secrets and Reed-Solomon Codes, Communications of the ACM, vol.24, p.18, 1981.

B. Preneel, LNCS, vol.1807, 2000.

K. G. Paterson and D. Stebila, One-Time-Password-Authenticated Key Exchange, LNCS, vol.6168, p.62, 2010.

P. Rogaway, M. Bellare, J. Black, and T. Krovetz, OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption, ACM CCS 01, p.15, 2001.

R. M. Roth, Introduction to coding theory, p.15, 2006.

RSA Security, RSA SecurID Hardware Tokens, vol.75, p.53

V. Shoup, A Proposal for an ISO Standard for Public Key Encryption, Cryptology ePrint Archive, p.22, 2001.