System and method for generating a server-assisted strong password from a weak secret

What is claimed is: 1. A method for retrieving a high entropy password from a system including a recovery client computer and one or more server computers, the method comprising: preparing to retrieve the high entropy password in utilizing the recover client computer and at least one of the one or more server computers by: choosing, by at least one of the recovery client computer and at least one of the one or more server computers, a threshold t≦n, where t and n represent a number of server computers; retrieving the high entropy password in utilizing the recover client computer and at least one of the one or more server computers by: running, by at least one of the recovery client computer and at least one of the one or more server computers, (pk t ;{(pk i ,sk i )} 0<i≦n )←TKeyGen(1 λ ,t,n), from the recovery client computer to the one or more server computers; where pk t is a public key, pk i is a public key and sk i is a secret key, where TKeyGen is an algorithm that outputs the public (pk t ) and the public (pk i ) key for each participant and the secret key (sk i ) of a scheme, where λ is a security parameter nεN a number of participants, t≦nεN is a threshold given by: ( pk t ,{( pk i ,sk i )} 0<i≦n )← TKeyGen (1 λ ,t,n ); dividing, by at least one of the recovery client computer and at least one of the one or more server computers, pk t , pk i , and sk i arbitrarily among the one or more server computers; where each server computer receives a share of pk t , pk i , and sk i; setting, by at least one of the recovery client computer and at least one of the one or more server computers, c=G(m), where c is password ciphertext, G is a hash function and m is a message; blinding, by at least one of the recovery client computer and at least one of the one or more server computers, ciphertext c where setting c′=TEnc(pk t ,1), where algorithm TEnc gets as input the public key pk t , a message mεM to encrypt, where m and M are both messages; and outputs a cipher-text c: c←TEnc(pk t ,m); randomizing, by at least one of the recovery client computer and at least one of the one or more server computers, c″←c c′ in a homomorphic form; decrypting, by at least one of the recovery client computer and at least one of the one or more server computers, c″ by applying a decryption share (d i ,π i )←PDec(sk i ,c″), where c′ is the blinding ciphertext and c″ is the blinded ciphertext, where algorithm PDec outputs a decryption share d i , or a special symbol ⊥∉M if decryption failed, a proof π i that decryption was performed correctly with respect to a partial secret key sk i and the cipher-text c: ( d i ,π i )← PDec ( sk i ,c ); sharing the high entropy password in utilizing the recover client computer and at least one of the one or more server computers by: sending, by at least one of the one or more server computers, (d i ,π i ) from a server computer to the recovery client computer, wherein the high entropy password is generated based on (d i ,π i ) and provided to a user. 2. The method of claim 1 , where the retrieving further includes utilizing two further algorithms namely algorithm TDec that outputs a message m, or the special symbol ⊥∉M if decryption of the cipher-text c failed with respect to at least t partial decryption shares d i such that: m←PDec ({ d i } 0<i≦t ), and algorithm VfPDec that outputs a decision dε{0,1} on input (pk i ,d i ,c,π i ) stating whether the decryption of the cipher-text c was performed correctly with respect to the partial secret key sk i and the cipher-text c such that: d←VfPDec ( pk i ,d i ,c,π i ). 3. The method of claim 2 , where the system checks each π i using VfPDec, chooses t correctly computed d i and outputs TDec({d i } 0<i≦t ), to the user, which is the high-entropy password to a generating client and/or the recovery client computer. 4. The method of claim 1 , where n≧1 if the user takes a key pair-share. 5. The method of claim 1 , where n is that or equal to 2, when the user does not take a share. 6. The method of claim 1 , further comprising setting m=(Uid i ,X) where X is a uniform resource locator for a website that uses the high entropy password and Uid i is a login password and where a function of m is transmitted from the recovery client computer to the one or more server computers.