Project Details
Password-hardened Encryption
Applicant
Professor Dr. Dominique Schröder
Subject Area
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2020
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 442893093
Passwords remain the most widespread means of authentication, especially on the Internet, and as such they are the Achilles' heel of many modern systems. All attempts in past decades to replace passwords with public-key based authentication mechanisms have failed, and it seems unlikely that password-based authentication will be abandoned. There is therefore a strong need for cryptographic techniques that protect passwords and the systems relying on password-based authentication. The main challenge is to find solutions that keep existing interfaces as they are and do not change the way users interact with the systems.

Recently, password-hardening was proposed to secure passwords against offline brute-force attacks. The basic idea is to extend the setting by an external party, called the rate-limiter, whose participation is required for password verification. The rate-limiter does not get access to sensitive user information, and the user is not even aware of its existence. Password-hardening was subsequently generalized to password-hardened encryption. Here the basic idea is to derive a user-specific key from the password together with the private keys of the password server and the rate-limiter; this key can then be used to encrypt sensitive information on the server's side.

The goal of this project is to research password-hardening and password-hardened encryption. The first step consists of developing security models that take real-world properties into account and proving their realizability in the standard model. The second part aims to generalize these primitives to the threshold setting and to investigate the minimal assumptions required.
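The following Python program is an added illustration of the two-party structure described above and is not code from this project or from the published password-hardened encryption schemes. It assumes a simplified construction: the password server and the rate-limiter each derive a pair of HMAC-based shares, the per-user record key is hidden under the XOR of those shares, and a login needs one query to the rate-limiter per guess. The real schemes work in a cyclic group with zero-knowledge proofs and support key rotation; those parts are deliberately left out here, and the record encryption (HMAC keystream plus tag) is a stand-in for a proper authenticated cipher. The user names, password and record contents are constructed sample values.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumption (not from the page): HMAC-SHA256 shares combined with XOR stand in
# for the group operations of the published scheme.


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so concatenation is unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RateLimiter:
    """External party: holds key x, sees only per-user nonces and blinded values."""

    def __init__(self, max_attempts: int = 5):
        self._x = secrets.token_bytes(32)
        self._attempts: Dict[bytes, int] = {}
        self.max_attempts = max_attempts

    def enroll(self) -> Tuple[bytes, bytes, bytes]:
        n_r = secrets.token_bytes(16)
        return n_r, _prf(self._x, n_r, b"0"), _prf(self._x, n_r, b"1")

    def verify(self, n_r: bytes, c0: bytes) -> Optional[bytes]:
        """Release the second share only if c0 is right; every call counts as an attempt."""
        used = self._attempts.get(n_r, 0)
        if used >= self.max_attempts:
            raise PermissionError("rate limit exceeded for this user")
        self._attempts[n_r] = used + 1
        if not hmac.compare_digest(c0, _prf(self._x, n_r, b"0")):
            return None
        self._attempts[n_r] = 0  # a successful login resets the counter
        return _prf(self._x, n_r, b"1")


@dataclass
class Record:
    n_s: bytes
    n_r: bytes
    t0: bytes
    t1: bytes
    ciphertext: bytes
    tag: bytes


class PasswordServer:
    """Holds key k and the user database; never stores the password or the record key."""

    def __init__(self, rl: RateLimiter):
        self._k = secrets.token_bytes(32)
        self.rl = rl
        self.db: Dict[str, Record] = {}

    def _shares(self, n_s: bytes, pw: bytes) -> Tuple[bytes, bytes]:
        return _prf(self._k, n_s, pw, b"0"), _prf(self._k, n_s, pw, b"1")

    def enroll(self, user: str, pw: str, secret: bytes) -> None:
        n_r, r0, r1 = self.rl.enroll()
        n_s = secrets.token_bytes(16)
        s0, s1 = self._shares(n_s, pw.encode())
        m = secrets.token_bytes(32)  # user-specific record key, hidden in t1
        ct, tag = _encrypt(m, secret)
        self.db[user] = Record(n_s, n_r, _xor(s0, r0), _xor(_xor(s1, r1), m), ct, tag)

    def decrypt(self, user: str, pw: str) -> Optional[bytes]:
        rec = self.db[user]
        s0, s1 = self._shares(rec.n_s, pw.encode())
        c0 = _xor(rec.t0, s0)  # equals r0 exactly when pw is correct
        r1 = self.rl.verify(rec.n_r, c0)  # one rate-limiter query per guess
        if r1 is None:
            return None
        m = _xor(_xor(rec.t1, s1), r1)
        return _decrypt(m, rec.ciphertext, rec.tag)


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += _prf(key, b"stream", ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def _encrypt(key: bytes, pt: bytes) -> Tuple[bytes, bytes]:
    ct = _xor(pt, _keystream(key, len(pt)))
    return ct, _prf(key, b"mac", ct)  # encrypt-then-MAC


def _decrypt(key: bytes, ct: bytes, tag: bytes) -> Optional[bytes]:
    if not hmac.compare_digest(tag, _prf(key, b"mac", ct)):
        return None
    return _xor(ct, _keystream(key, len(ct)))


def demo() -> Tuple[Optional[bytes], Optional[bytes], bool]:
    rl = RateLimiter(max_attempts=3)
    srv = PasswordServer(rl)
    srv.enroll("alice", "correct horse", b"constructed sensitive record")
    ok = srv.decrypt("alice", "correct horse")  # right password: record recovered
    wrong = srv.decrypt("alice", "wrong guess")  # wrong password: None, attempt counted
    locked = False
    try:
        for _ in range(3):  # further guesses trip the limiter for this user
            srv.decrypt("alice", "another guess")
    except PermissionError:
        locked = True
    return ok, wrong, locked
```

Two observations the paragraph alone does not make concrete: an attacker holding the server database and the server key `k` cannot test a password guess offline, because checking `c0` requires the rate-limiter's key `x`, and the rate-limiter never receives the password or the record, only the nonce `n_r` and a blinded value.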
DFG Programme
Research Grants