Non-repudiable Password Authentication

# Web Examples ## Registration ```sequence OPRFaaS\noprf.net->OPRFaaS\noprf.net: User\nAlice->Client\nBrowser: Sets up her Browser\n with new Key Base Client\nBrowser->Client\nBrowser: kb = genKeybase()\nkb.p: 23 \nkb.q: 29 \nkb.n: 667\nh = hash(kb.n)\n ra = randArt(h) Client\nBrowser->User\nAlice: +[RSA]+\n|+*.+*|\n|=.+.=|\n+-----+\nDisplays Keybase\nFingerprint (randomart) User\nAlice->User\nAlice: memorizes \nFingerprint\n \n \n \n \n Client\nBrowser-->Client\nBrowser: qr = qr(kb)\n Client\nBrowser-->User\nAlice: Optionally displays\nKeybase QR Code\n▄▄▄▄▄ ▄ ▄▄▄▄▄\n█ ▄ █ ▀ █ ▄ █\n█▄▄▄█ ▄ █▄▄▄█\n▄▄▄▄ ▄ ▄ ▄\n▄▄▄▄▄ ▀ ▄▀█ █\n█ ▄ █ ▄█▀ ▄ █\n█▄▄▄█ █▄█ ▀█▄ User\nAlice-->User\nAlice: Optionally saves it \n as e.g. "my key" \n to her Key Vault \n on Trusted Devive User\nAlice-->Client\nBrowser: goes to bob.com Client\nBrowser-->Server\nbob.com: requests bob.com Server\nbob.com-->Server\nbob.com: s = newSession()\ns.id: 789\ns.cookie: 0x5e55c00c Server\nbob.com-->Client\nBrowser: sends bob.com content\nwith session cookie 0x5e55c00c Client\nBrowser-->User\nAlice: displays bob.com content User\nAlice-->Client\nBrowser: klicks on "Register" Client\nBrowser-->Server\nbob.com: requests bob.com/register\nwith session cookie 0x5e55c00c Server\nbob.com-->Server\nbob.com: cookie = "0x5e55c00c"\ns = session(cookie)\n a = s.registerAction()\na: "register bob.com\n 2023-08-06_15-32"\ndefault_oprf: "oprf.com" Server\nbob.com->Client\nBrowser: sends Authentication Header \n{"action": "register bob.com\n2023-08-06_15-32", "oprf":oprf.com}\nwith session cookie 0x5e55c00c Client\nBrowser->User\nAlice: Prompts: For \n'registerd\n bob.com2023-08-06_15-32'\n enter your username & password\nand select OPRFaaS\nusername: ____________\npassword: ____________\n( ) oprf.com (Bob.com default)\n(•) oprf.net (Browser default)\n( ) _________________ (custom) User\nAlice->Client\nBrowser: Enters "alice_123" & "pAl1$$w0rd"\nand selects Browser default OPRF Client\nBrowser->Client\nBrowser: u = "alice_123"\np = "pAl1$$w0rd"\no = "oprf.net"\n id = oprf.randomID()\n id: "r4Nd0M0prFiD"\nx = oprf_map(p)\n Client\nBrowser->Client\nBrowser: Loop until y is valid\nin = oprf_blind(x)\nin: 0xb1ed7a55 Client\nBrowser->OPRFaaS\noprf.net: {"id":"r4Nd0M0prFiD", "in":"0xb1ed7a55"} OPRFaaS\noprf.net->OPRFaaS\noprf.net: id = "r4Nd0M0prFiD"\nin = "0xb1ed7a55"\nk = key(id)\nout = OPRF_f(in,k)\nout: "0xd34d7455" OPRFaaS\noprf.net->Client\nBrowser: {"id":"r4Nd0M0prFiD", "in":"0xb1ed7a55", \n"out":"0xd34d7455"} Client\nBrowser->Client\nBrowser: out = "0xd34d7455"\n y = oprf_unblind(out)\ny: 0x7e417a55\nEnd of loop Client\nBrowser->Client\nBrowser: Derive signing exponent s: \ns = kdf(y,n)\ns: 549\nssk = (s,n)\nssk: (549,667) Client\nBrowser->Client\nBrowser: Derive verifer exponent v for s: \nv = modInv(s,n)\nv: 423\nsvk = (v,n) Client\nBrowser->Client\nBrowser: Sign Action: \nM = (u,a,h(svk))\nsig = sigRsaPss(M,ssk)\nsig = 516\n \n \n \n Client\nBrowser->Server\nbob.com: sends Auth Header\n{"user":"alice_123", \n"action":"register bob.com \n2023-08-06_15-32",\n"oprf":"r4Nd0M0prFiD@oprf.net",\nsvk":"(423,667)","sig":"516"}\nwith session cookie 0x5e55c00c Server\nbob.com->Server\nbob.com: u = "alice_123"\na = "register bob.com 2023-08-06_15-32"\no = "r4Nd0M0prFiD@oprf.net"\nsvk = (423,667)\ncookie = "0x5e55c00c"\ns = session(cookie)\ns.affirmAction(a)\ns.setUser(u)\n s.setOprf(o)\ns.setSvk(svk)\nM = (u, a, h(svk))) \nverRsaPss(M, sig, svk)\ns.registerUser() Server\nbob.com->Client\nBrowser: sends bob.com/my-account content \n and Authentication Header\n{"user":"alice_123", "success":\n"register bob.com 2023-08-06_15-32"}\nwith session cookie 0x5e55c00c\nOptionally asks Alice\n for commitment to h(n) or h(svk) Client\nBrowser->User\nAlice: Prompts: \n'Registration bob.com\n 2023-08-06_15-32'\nwas successful!\nand displays "My Bob-Account" User\nAlice-->Server\nbob.com: Sends Bob an out-of-band commitment for h(n) or h(vsk) ``` ## Login ```sequence OPRFaaS\noprf.net->OPRFaaS\noprf.net: User\nAlice-->Client\nBrowser: goes to bob.com Client\nBrowser-->Server\nbob.com: requests bob.com Server\nbob.com-->Server\nbob.com: s = newSession()\ns.id: 789\ns.cookie: 0x5e55c00c Server\nbob.com-->Client\nBrowser: sends bob.com content\nwith session cookie 0x5e55c00c Client\nBrowser-->User\nAlice: displays bob.com content User\nAlice-->Client\nBrowser: klicks on "My Bob-Account" Client\nBrowser-->Server\nbob.com: requests bob.com/my-account\nwith session cookie 0x5e55c00c Server\nbob.com-->Server\nbob.com: cookie = "0x5e55c00c"\ns = session(cookie)\n a = s.loginAction()\na: "login bob.com 2023-08-06_15-32" Server\nbob.com->Client\nBrowser: sends Authentication Header \n{"action":\n"login bob.com 2023-08-06_15-32"}\nwith session cookie 0x5e55c00c Client\nBrowser->User\nAlice: Prompts: For \n'Login bob.com 2023-08-06_15-32'\n enter your username User\nAlice->Client\nBrowser: Enters "alice_123" Client\nBrowser->Client\nBrowser: u = "alice_123"\n .\n .\n . Client\nBrowser->Server\nbob.com: sends Authentication Header \n{"user":"alice_123", "action":\n"login bob.com 2023-08-06_15-32"}\nwith session cookie 0x5e55c00c Server\nbob.com->Server\nbob.com: u = "alice_123"\na = "login bob.com 2023-08-06_15-32"\ncookie = "0x5e55c00c"\ns = session(cookie)\ns.affirmAction(a)\ns.setUser(u)\no = s.usersOprf()\no: "r4Nd0M0prFiD@oprf.net"\n c = s.newChallenge()\nc: "13256897"\n n = s.usersMod()\nn: "667" Server\nbob.com->Client\nBrowser: {"user":"alice_123", "action":\n"login bob.com 2023-08-06_15-32",\n"chall_s":"13256897", "rsamod":"667",\n"oprf":"r4Nd0M0prFiD@oprf.net"} Client\nBrowser->Client\nBrowser:chall_s = "13256897"\nn = "667"\nid = "r4Nd0M0prFiD"\noprfaas="oprf.net"\n Client\nBrowser->User\nAlice: Prompots: For\n 'Login bob.com 2023-08-06_15-32'\n as user alice_123 enter your\n password for this fingerprint \n (modul's randomart image):\n+[RSA4096]+\n| + *.+ * |\n| =. +. = |\n| . . .o .|\n| o .+ .E |\n+---------+\n User\nAlice->User\nAlice: recognizes her fingerprint\nor looks it up in her\ntrusted device (key vault) User\nAlice->Client\nBrowser: Enters "pAl1$$0rd" Client\nBrowser->Client\nBrowser: w = "pAl1$$0rd"\nx = oprf_blind(w)\nx: 0xb1ed7a55 Client\nBrowser->OPRFaaS\noprf.net: {"id":"r4Nd0M0prFiD", "x":"0xb1ed7a55"} OPRFaaS\noprf.net->OPRFaaS\noprf.net: id = "r4Nd0M0prFiD"\nx = "0xb1ed7a55"\nk = key(id)\ny = OPRF_f(x,k)\ny: "0xd34d7455" OPRFaaS\noprf.net->Client\nBrowser: {"id":"r4Nd0M0prFiD", "x":"0xb1ed7a55", "y":"0xd34d7455"} Client\nBrowser->Client\nBrowser: y = "0xd34d7455"\n s = oprf_unblind(y)\ns: 0x7e417a55\nd = mod(s,n)\nprivKey = (d, n)\nprivKey: (549,667)\nsymKey = rand() % n\nsymKey: 287\nencSK = RsaEnc(symKey, privKey)\nencSK: 665\n chall_c = rand()\n chall_c: 24681357\nM_c = (u, chall_s, encSK, chall_client)\nsig_c = RsaPss(M, privKey)\nS: 0x600d516d\n.\n.\n. Client\nBrowser->Server\nbob.com: sends Authentication Header \n{"user":"alice_123", "chall_s":"13256897",\n "encSK":"665", "chall_c":"24681357",\n "sig_c":"0x600d516d"} \nwith session cookie 0x5e55c00c Server\nbob.com->Server\nbob.com: cookie = "0x5e55c00c"\nu = "alice_123"\n chall_s = "13256897"\n encSK = "665"\nchall_c = "24681357"\nsig_c = "0x600d516d"\ns = session(cookie) \n s.affirmUserChall(u,chall_s)\npubKey = s.usersPubKey()\nM_c = (u, chall_s, encSK, chall_c)\nRsaPssVerify(M_c, sig_c, pubKey)\nM_s = (u, chall_s, chall_c, a) \n symKey = RsaDec(encKey, pubKey)\nsig_s = RsaPss(M, pubKey)\nencSig = AESenc(sig_s, symKey)\nencSig: "0x5166d34d" Server\nbob.com->Client\nBrowser: sends Authentication Header \n{"user":"alice_123", "chall_s":"13256897",\n "encSK":"665", "chall_c":"24681357",\n "action":\n"login bob.com 2023-08-06_15-32",\n"encSig":"0x5166d34d"} \nwith session cookie 0x5e55c00c Client\nBrowser->Client\nBrowser: M_s = (u, chall_s, encSK, chall_client, a)\nencSig = "0x5166d34d"\nsig_s = AESdec(encSig, symKey)\n RsaPssVerify(M_s, sig_s, privKey)\nsig_a = RsaPss(M_s, privKey)\n sig_a: "0x516ac710"\n . \n . \n . Client\nBrowser->Server\nbob.com: sends Authentication Header \n{"user":"alice_123", "chall_s":"13256897",\n "encSK":"665", "chall_c":"24681357",\n "action":\n"login bob.com 2023-08-06_15-32",\n"sig_a":"0x5166d34d"} \nwith session cookie 0x5e55c00c Server\nbob.com->Server\nbob.com: cookie = "0x5e55c00c"\nu = "alice_123"\n chall_s = "13256897"\n encSK = "665"\nchall_c = "24681357"\nsig_a = "0x5166d34d"\ns = session(cookie) \n s.affirmUserChall(u,chall_s)\npubKey = s.usersPubKey()\nRsaPssVerify(M_s, sig_a, pubKey) Server\nbob.com->Client\nBrowser: sends bob.com/my-account content \n and Authentication Header\n{"user":"alice_123", "chall_s":"13256897",\n "encSK":"665", "chall_c":"24681357",\n "success":\n"login bob.com 2023-08-06_15-32"}\nwith session cookie 0x5e55c00c Client\nBrowser->User\nAlice: Prompts:\n'Login bob.com 2023-08-06_15-32'\nwas successful!\nand displays "My Bob-Account" ```