Efficient Password-Authenticated Key Exchange Based on RSA

  • Conference paper
Topics in Cryptology – CT-RSA 2007 (CT-RSA 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4377)

Abstract

In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI, which uses a prime public key e greater than the RSA modulus n, RSA-EPAKE uses a 96-bit prime public key e, where e = 2H(n, s) + 1 for some s. By the Prime Number Theorem, it is easy to find such an s, but the probability that an adversary finds n and s with \(\gcd(e, \phi(n)) \neq 1\) is less than \(2^{-80}\). Hence, in the same way as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP, CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.
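
The following sketch is an added example, not code from the paper: it shows the server searching for s so that e = 2H(n, s) + 1 is a 96-bit prime, and a client re-deriving e and testing its primality without knowing \(\phi(n)\). The instantiation of H (SHA-256 cut to 95 bits with the top bit forced), the byte encoding of (n, s), the function names and the exact client check are assumptions made for illustration.

```python
import hashlib
import secrets

E_BITS = 96  # size of e given in the abstract
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(m, rounds=40):
    """Miller-Rabin with random bases (error at most 4**-rounds)."""
    if m < 2:
        return False
    for p in SMALL_PRIMES:
        if m % p == 0:
            return m == p
    d, r = m - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(m - 3) + 2, d, m)  # base in 2..m-2
        if x in (1, m - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, m)
            if x == m - 1:
                break
        else:
            return False  # base is a witness: m is composite
    return True

def derive_e(n, s):
    """e = 2*H(n, s) + 1; H is ASSUMED here to be truncated SHA-256."""
    data = n.to_bytes((n.bit_length() + 7) // 8, "big") + s.to_bytes(8, "big")
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - (E_BITS - 1))
    h |= 1 << (E_BITS - 2)  # assumption: force e to exactly 96 bits
    return 2 * h + 1

def find_s(n, limit=10_000):
    """Server side: about 1 in 33 odd 96-bit numbers is prime, so this is fast."""
    for s in range(limit):
        e = derive_e(n, s)
        if is_probable_prime(e):
            return s, e
    raise RuntimeError("no suitable s found")

def client_accepts(n, s, e):
    """Client side (assumed check): e must match H(n, s) and be prime."""
    return e == derive_e(n, s) and is_probable_prime(e)

# Constructed toy modulus (product of two Mersenne primes); not a usable key.
TOY_N = (2**89 - 1) * (2**107 - 1)
```

Because e is bound to n through the hash, a party choosing n cannot pick e freely; it can only retry values of s, which is what the abstract's \(2^{-80}\) bound is about.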

This work was supported by the Korean Ministry of Information and Communication under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment).

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, S., Nam, J., Kim, S., Won, D. (2006). Efficient Password-Authenticated Key Exchange Based on RSA. In: Abe, M. (eds) Topics in Cryptology – CT-RSA 2007. CT-RSA 2007. Lecture Notes in Computer Science, vol 4377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11967668_20

  • DOI: https://doi.org/10.1007/11967668_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69327-7

  • Online ISBN: 978-3-540-69328-4

  • eBook Packages: Computer Science, Computer Science (R0)
