LBA-PAKE: Lattice-Based Anonymous Password Authenticated Key Exchange for Mobile Devices

The recent advancement in quantum computers generates the threat alarm of breaking the security of key exchange protocols, which is based on discrete logarithmic or prime factorization problem in polynomial time. Hence, motivated to develop the key exchange protocol that is secure in the postquantum era, Feng et al. proposed an anonymous authenticated key exchange protocol for mobile devices in a postquantum world. Although the protocol is simple, elegant, and efficient for mobile devices, but it is vulnerable to signal leakage attack, spoofing attack, manipulation-based attacks, and user anonymity violation attack. Therefore, to overcome the above weaknesses, lattice-based anonymous password authenticated key exchange protocol has been proposed for mobile devices. Further, our protocol supports the key reuse, perfect forward secrecy, and anonymity features. Our formal security proof and implementation results show that the proposed protocol is suitable to be used for real-time security of mobile networks.