Post-Quantum Secure Server-aided Password-based Authentication using Module-LWE

Post-Quantum Secure Server-aided Password-based Authentication using Module-LWE | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Post-Quantum Secure Server-aided Password-based Authentication using Module-LWE Shanu Poddar, Sai Sandilya Konduru, Sweta Mishra This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9123847/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Password-based authentication systems remain the most widely used method for user verification despite being highly susceptible to offline dictionary attacks. To mitigate such attacks, server-aided password-based authentication schemes utilize an independent server, which helps to harden the credentials to be stored on the website database. Existing server-aided password-based authentication schemes rely on number-theoretic assumptions that are vulnerable to quantum-enabled adversaries and incorporate complex computations such as bilinear pairings, exponentiation, and Zero-Knowledge Proofs. In this work, we introduce a novel post-quantum secure server-aided password-based authentication scheme based on the Module Learning With Errors (M-LWE) problem. A defining feature of our protocol is its complete operational transparency as it integrates with existing web interfaces without requiring users to modify their login behaviour or perform additional computation. To ensure long-term resilience, our scheme includes a transparent key rotation mechanism that allows service providers to update the entire credential database with a fresh secret key without user intervention. We provide a formal security analysis in the Real-or-Random (RoR) framework. This analysis demonstrates that our protocol’s resistance to offline dictionary attacks reduces to the underlying hardness of the M-LWE problem and the system achieves forward secrecy through key rotation mechanism. Through an optimized Number Theoretic Transformation (NTT)-based implementation for faster polynomial multiplications, our empirical analysis demonstrates high computational efficiency, with average registration and authentication latencies of 3.09 ms and 2.48 ms, respectively. Passwords Authentication Password hardening Key rotation Post-Quantum Security Learning With Errors Quantum computation Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-9123847","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":609772148,"identity":"98a5e695-caa6-4d0b-b8ba-d79e4b557c60","order_by":0,"name":"Shanu Poddar","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAv0lEQVRIiWNgGAWjYFACxvYfHyogTAkwIgyYGyRnnCFNC3uDNG8bXAsRQH52Y4Mx77y6PIMDzAdv8zBY5BHUYnDnYEPi3G2Hiw0OsCVb8zBIFBPWIpHYcODttgOJGw7wmEkDtSQ2EHTYjMTGBt45dUAt/N+I08JwI7GZkbeBGWQLG3FagH5pY5xx7HDizMNsxpZzDIhx2Oz2ZwwfauoS+443P7zxpqKOCIfB44IZbClB9QzERt8oGAWjYBSMaAAAmyM8VYgo1vcAAAAASUVORK5CYII=","orcid":"","institution":"Shiv Nadar Institution of Eminence","correspondingAuthor":true,"prefix":"","firstName":"Shanu","middleName":"","lastName":"Poddar","suffix":""},{"id":609772149,"identity":"d4592430-b1ca-46cf-81a3-255713ddbf31","order_by":1,"name":"Sai Sandilya Konduru","email":"","orcid":"","institution":"Shiv Nadar Institution of Eminence","correspondingAuthor":false,"prefix":"","firstName":"Sai","middleName":"Sandilya","lastName":"Konduru","suffix":""},{"id":609772150,"identity":"39aed32d-fa75-4a74-ad35-4dc81e9551ef","order_by":2,"name":"Sweta Mishra","email":"","orcid":"","institution":"Shiv Nadar Institution of Eminence","correspondingAuthor":false,"prefix":"","firstName":"Sweta","middleName":"","lastName":"Mishra","suffix":""}],"badges":[],"createdAt":"2026-03-14 16:08:10","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-9123847/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-9123847/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":105564495,"identity":"4f12b359-fece-49d4-b58b-ee73517312f4","added_by":"auto","created_at":"2026-03-27 12:49:48","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":912441,"visible":true,"origin":"","legend":"","description":"","filename":"PostQuantumSecureServeraidedAuthentication.pdf","url":"https://assets-eu.researchsquare.com/files/rs-9123847/v1_covered_c8add687-7c97-4e7f-aba5-3931507e07b7.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Post-Quantum Secure Server-aided Password-based Authentication using Module-LWE","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Passwords, Authentication, Password hardening, Key rotation, Post-Quantum Security, Learning With Errors, Quantum computation","lastPublishedDoi":"10.21203/rs.3.rs-9123847/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-9123847/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Password-based authentication systems remain the most widely used method for user verification despite being highly susceptible to offline dictionary attacks. To mitigate such attacks, server-aided password-based authentication schemes utilize an independent server, which helps to harden the credentials to be stored on the website database. Existing server-aided password-based authentication schemes rely on number-theoretic assumptions that are vulnerable to quantum-enabled adversaries and incorporate complex computations such as bilinear pairings, exponentiation, and Zero-Knowledge Proofs. In this work, we introduce a novel post-quantum secure server-aided password-based authentication scheme based on the Module Learning With Errors (M-LWE) problem. A defining feature of our protocol is its complete operational transparency as it integrates with existing web interfaces without requiring users to modify their login behaviour or perform additional computation. To ensure long-term resilience, our scheme includes a transparent key rotation mechanism that allows service providers to update the entire credential database with a fresh secret key without user intervention. We provide a formal security analysis in the Real-or-Random (RoR) framework. This analysis demonstrates that our protocol’s resistance to offline dictionary attacks reduces to the underlying hardness of the M-LWE problem and the system achieves forward secrecy through key rotation mechanism. Through an optimized Number Theoretic Transformation (NTT)-based implementation for faster polynomial multiplications, our empirical analysis demonstrates high computational efficiency, with average registration and authentication latencies of 3.09 ms and 2.48 ms, respectively.","manuscriptTitle":"Post-Quantum Secure Server-aided Password-based Authentication using Module-LWE","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-03-24 04:05:53","doi":"10.21203/rs.3.rs-9123847/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"4c8c996c-fa77-4090-9099-99abff7f0fe0","owner":[],"postedDate":"March 24th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2026-03-24T13:27:11+00:00","versionOfRecord":[],"versionCreatedAt":"2026-03-24 04:05:53","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-9123847","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-9123847","identity":"rs-9123847","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}