Compact Password Authenticated Key Exchange from Group Actions

At ASIACRYPT 2020, Alamati et al. formalized the framework of group actions for abstracting isogeny-based cryptosystems. At CRYPTO 2022, Abdalla et al. extended the framework to represent the quadratic twist of elliptic curves, and proposed the first provably secure and tightly secure one-round isogeny-based password-authenticated key exchange (PAKE) scheme (X-GA-PAKE) by a bit-by-bit approach. However, in X-GA-PAKE, for the password length l, the number of group actions per party is 5l, and the communication complexity per party is 2l, thus there is a problem in efficiency. In this paper, we propose an efficient one-round PAKE scheme that reduces the number of group actions and the communication complexity compared to X-GA-PAKE. In X-GA-PAKE, it is necessary to send/receive 2l elements to prevent trivial attacks using twists, but in our scheme, by reducing l elements of them to the number of common reference string (CRS), we can reduce the number of group actions per party to 4l + 2|CRS| and the communication complexity per party to l + |CRS|. In addition, we show the tight security in the one-round PAKE security model based on the same assumptions as in X-GA-PAKE.