University of Hertfordshire

By the same authors

Pico without public keys

Research output: Chapter in Book/Report/Conference proceedingConference contribution


  • B. Christianson
  • Frank Stajano
  • Mark Lomas
  • Graeme Jenkinson
  • Payne Jeunese
  • Quentin Stafford-Fraser
  • Max Spencer
View graph of relations
Original languageEnglish
Title of host publicationSecurity Protocols XXIII
PublisherSpringer-Verlag, (Berlin-Heidelberg)
Number of pages17
ISBN (Electronic)978-3-319-26096-9
ISBN (Print)978-3-319-26095-2
Publication statusE-pub ahead of print - 25 Nov 2015
EventSecurity Protocols XXIII 23rd International Workshop - Cambridge, United Kingdom
Duration: 31 Mar 20152 Apr 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


ConferenceSecurity Protocols XXIII 23rd International Workshop
Country/TerritoryUnited Kingdom


Pico is a user authentication system that does not require
remembering secrets. It is based on a personal handheld token that holds
the user’s credentials and that is unlocked by a “personal aura” generated
by digital accessories worn by the owner. The token, acting as prover,
engages in a public-key-based authentication protocol with the verifier.
What would happen to Pico if success of the mythical quantum computer
meant secure public key primitives were no longer available, or if for
other reasons such as energy consumption we preferred not to deploy
them? More generally, what would happen under those circumstances
to user authentication on the web, which relies heavily on public key
cryptography through HTTPS/TLS?
Although the symmetric-key-vs-public-key debate dates back to the 1990s,
we note that the problematic aspects of public key deployment that were
identified back then are still ubiquitous today. In particular, although
public key cryptography is widely deployed on the web, revocation still
doesn’t work.
We discuss ways of providing desirable properties of public-key-based
user authentication systems using symmetric-key primitives and tamperevident
tokens. In particular, we present a protocol through which a
compromise of the user credentials file at one website does not require
users to change their credentials at that website or any other.
We also note that the current prototype of Pico, when working in compatibility
mode through the Pico Lens (i.e. with websites that are unaware
of the Pico protocols), doesn’t actually use public key cryptography,
other than that implicit in TLS. With minor tweaks we adopt this as the
native mode for Pico, dropping public key cryptography and achieving
much greater deployability without any noteworthy loss in security.


This document is the Accepted Manuscript version of the following paper: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, and Quentin Stafford Fraser, 'Pico without Public Keys', Security Protocols XXIII, 23rd International Workshop Cambridge, March 31- April 2, 2015, Revised Selected Papers, pp. 195-211, part of the Lecture Notes in Computer Science book series (LNCS, Vol. 9379), first online 25 November 2015, ISBN: 978-3-319-26095-2. The final publication is available at Springer via:

ID: 9233760