Password-Protected Key Retrieval with(out) HSM Protection

Abstract

Password-authenticated key retrieval (PPKR) enables users to securely store and retrieve high-entropy keys from a server. The process is bootstrapped from a human-memorizable password only, adressing the challenge how end-users can manage cryptographic key material. The core security requirement is protection against a corrupt server, which should not be able to learn the key or offline-attack it through the password protection. PPKR is deployed at large scale with the WhatsApp Backup Protocol (WBP), allowing users to access their encrypted messaging history when switching to a new device. Davies et al. (Crypto’23) formally analysed the WBP and proved that it satisfies most of the desired security. The WBP uses the OPAQUE protocol for password-based key exchange as a building block, and relies on the server using a hardware security module (HSM) for most of its protection. In fact, the security analysis assumes that the HSM is incorruptible – rendering most of the heavy cryptography in the WBP obsolete. In this work we explore how provably secure and efficient PPKR can be build that either relies strongly on an HSM – but then takes full advantage of that – or requires less trust assumption for the price of more advanced cryptography. To this end, we first expand the definitional work by Davies et al. to allow the analysis of PPKR with fine-grained HSM corruption, such as leakage of user records, or attestation keys. For each scenario we then aim at giving minimal PPKR solutions. For the strongest corruption setting, namely a fully corrupted HSM, we propose a protocol that has a simpler design and better efficiency than the WBP, and that fixes several attacks related to client authentication that were identified by Davies et al.