Authors: Qingxuan Wang, Ding Wang, Chi Cheng, and Debiao He
Title: Quantum2FA: Efficient Quantum-Resistant Two-Factor Authentication Scheme for Mobile Devices
Abstract: Smart-card based password authentication has been the most widely used two-factor authentication (2FA) mechanism for security-critical applications (e.g., e-Health, smart grid and e-Commerce) in the past decades, and it is likely to hold its status in the foreseeable future. Hundreds of this type of 2FA schemes have been proposed, yet to our knowledge, most of them are built on the intractability of conventional hard problems (e.g., discrete logarithm problems and integer factoring problems) which are no longer hard in the quantum era. With the recent advancements in quantum computing, the design of secure and efficient smart-card based password authentication schemes against quantum attacks is becoming increasingly urgent. However, it is not as simple as it seems, how to design such a quantum-resistant 2FA scheme is challenging due to the demanding security requirements and the resource-constrained nature of mobile devices. In this work, we take the first step towards this issue by proposing Quantum2FA, a practical quantum-resistant smart-cardbased password authentication scheme that employs Alkim et al.’s lattice-based key exchange and Wang-Wang’s “fuzzy-verifier +honeywords” technique (IEEE TDSC’18). Particularly, Quantum2FA can thwart the newly revealed key-reuse attack (ACISP’18, CT-RSA’19) against lattice-based key exchange schemes in two aspects: signal leakage attacks and key mismatch attacks. Specifically, it restricts the necessary conditions (i.e. the attacker must be the initiator of the key exchange) for an adversary to analyze the signal; It introduces honeywords to detect the key mismatches between the smart card and the server, and thus smart card loss attack can be thwarted. We formally prove the security of Quantum2FA under the random oracle model and demonstrate its efficiency through experiments on a 32 MHz 8-bit AVR Embedded Processor. Comparison results show that Quantum2FA is not only more secure but also offers better computation efficiency than the state-of-the-art conventional 2FA schemes.