CPace balanced PAKE protocol implementation.
Project description
CPace
Python implementation of CPace, the balanced composable password-authenticated key exchange (PAKE) recommended by the CFRG, in its CPACE-X25519-SHA512 cipher suite, with the draft's optional explicit mutual key confirmation.
A PAKE lets two parties who share a low-entropy secret (a PIN, a short password) derive a strong shared key over an insecure channel, such that an active attacker gets exactly one online password guess per protocol run and learns nothing usable for offline brute-force.
Implemented and reviewed against draft-irtf-cfrg-cpace revision 21; all known-answer tests from the draft's testvectors.json pass, including the full invalid-point rejection set.
Install
pip install cpace
Security considerations
- Anonymous unless you supply identities. With the default empty
ad/peer_ad, a verifying confirmation tag proves the peer used the same password — not which peer. To authenticate identities, bind them intociand/orad/peer_ad; what an identity is and how it is checked is the application's responsibility — the library only guarantees the run fails unless both sides agree on the bytes. As a baseline,verify()rejects a peer that merely reflects your own share and tag back, so confirmation cannot be satisfied by echoing your own messages. - Timing side channels. The password-dependent Elligator2 map is branchless (no secret-dependent branches or memory indexing), but it runs on CPython big integers, whose arithmetic is not constant-time. The draft requires the mapping to execute in constant time; that guarantee is not achievable in pure Python. This is a deliberate trade-off: it is fine for rate-limited, short-lived secrets (device-pairing PINs with attempt lockout), but reconsider before using this library with long-term passwords against an attacker who can precisely time your process (e.g. co-located on the same host).
- No secret zeroization. Python's memory model does not allow reliably wiping the scalar, ISK, or password copies from memory.
Scope
Only the CPACE-X25519-SHA512 suite in initiator-responder mode is implemented. Symmetric (unordered) mode and the other cipher suites from the draft are out of scope for now.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cpace-0.1.0.tar.gz.
File metadata
- Download URL: cpace-0.1.0.tar.gz
- Upload date:
- Size: 60.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
049d30b4389c965cb2d98551f2f7361382bfa342afc5d53b6dc16b84a5759ad2
|
|
| MD5 |
690405b2d0b70f3c2eca60f5f04c8f34
|
|
| BLAKE2b-256 |
02e90aa114fdf26b4112222ddbfd190197aa5d11bce21b4747cc1889998eead5
|
Provenance
The following attestation bundles were made for cpace-0.1.0.tar.gz:
Publisher:
publish.yml on arturpragacz/cpace-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cpace-0.1.0.tar.gz -
Subject digest:
049d30b4389c965cb2d98551f2f7361382bfa342afc5d53b6dc16b84a5759ad2 - Sigstore transparency entry: 2165117040
- Sigstore integration time:
-
Permalink:
arturpragacz/cpace-py@ce9f3a6c7bd0a0933c9f324b4f34d4a98f1ae9d8 -
Branch / Tag:
refs/tags/0.1.0 - Owner: https://github.com/arturpragacz
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ce9f3a6c7bd0a0933c9f324b4f34d4a98f1ae9d8 -
Trigger Event:
release
-
Statement type:
File details
Details for the file cpace-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cpace-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9fabb60a711a85934225be4081b3f5994e1ca4cd1335c5b9171770c8f1a2fda3
|
|
| MD5 |
d45b86c5da969e1b76fd91262884c25c
|
|
| BLAKE2b-256 |
fae8949c45844ad0d65d0112c2c4fa11cc8a7c4359fe2a20667e00c930860bef
|
Provenance
The following attestation bundles were made for cpace-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on arturpragacz/cpace-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cpace-0.1.0-py3-none-any.whl -
Subject digest:
9fabb60a711a85934225be4081b3f5994e1ca4cd1335c5b9171770c8f1a2fda3 - Sigstore transparency entry: 2165117076
- Sigstore integration time:
-
Permalink:
arturpragacz/cpace-py@ce9f3a6c7bd0a0933c9f324b4f34d4a98f1ae9d8 -
Branch / Tag:
refs/tags/0.1.0 - Owner: https://github.com/arturpragacz
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ce9f3a6c7bd0a0933c9f324b4f34d4a98f1ae9d8 -
Trigger Event:
release
-
Statement type: