ID-Based Two-Server Password-Authenticated Key Exchange

  • Xun Yi
  • Feng Hao
  • Elisa Bertino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)


In two-server password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares of its password in the two servers, respectively, and the two servers then cooperate to authenticate the client without knowing the password of the client. In case one server is compromised by an adversary, the password of the client is required to remain secure. In this paper, we present a compiler that transforms any two-party PAKE protocol to a two-server PAKE protocol. This compiler is mainly built on two-party PAKE and identity-based encryption (IBE), where the identities of the two servers are used as their public keys. By our compiler, we can construct a two-server PAKE protocol which achieves implicit authentication with only two communications between the client and the servers. As long as the underlying two-party PAKE protocol and IBE scheme have provable security without random oracles, the two-server PAKE protocol constructed by our compiler can be proven to be secure without random oracles.


Password-authenticated key exchange identity-based encryption Diffie-Hellman key exchange Decisional Diffie-Hellman problem 


  1. 1.
    Abdalla, M., Fouque, P.A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocol secure against dictionary attack. In: Proc. 1992 IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Katz, J.: Improved efficiency for CCA-secure cryptosystems built using identity based encryption. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 87–103. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Brainard, J., Juels, A., Kaliski, B., Szydlo, M.: Nightingale: A new two-server approach for authentication with short secrets. In: Proc. 12th USENIX Security Symp., pp. 201–213 (2003)Google Scholar
  9. 9.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Proc. CCS 2003, pp. 241–250 (2003)Google Scholar
  10. 10.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 32(2), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  14. 14.
    ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  15. 15.
    Ford, W., Kaliski, B.S.: Server-assisted generation of a strong secret from a password. In: Proc. 5th IEEE Intl. Workshop on Enterprise Security (2000)Google Scholar
  16. 16.
    Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Gong, L., Lomas, T.M.A., Needham, R.M., Saltzer, J.H.: Protecting poorly-chosen secret from guessing attacks. IEEE J. on Selected Areas in Communications 11(5), 648–656 (1993)CrossRefGoogle Scholar
  19. 19.
    Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Transactions on Information and System Security 2(3), 230–268 (1999)CrossRefGoogle Scholar
  20. 20.
    Jablon, D.: Password authentication using multiple servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Jiang, S., Gong, G.: Password based key exchange with mutual authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 267–279. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Jin, H., Wong, D.S., Xu, Y.: An efficient password-only two-server authenticated key exchange system. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 44–56. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Katz, J., MacKenzie, P., Taban, G., Gligor, V.: Two-server password-only authenticated key exchange. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 1–16. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    MacKenzie, P., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. Intl. J. Information Security 9(6), 387–410 (2010)CrossRefGoogle Scholar
  26. 26.
    MacKenzie, P., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. J. Cryptology 19(1), 27–66 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  27. 27.
    Di Raimondo, M., Gennaro, R.: Provably Secure Threshold Password-Authenticated Key Exchange. J. Computer and System Sciences 72(6), 978–1001 (2006)CrossRefzbMATHGoogle Scholar
  28. 28.
    Szydlo, M., Kaliski, B.: Proofs for two-server password authentication. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 227–244. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  29. 29.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  30. 30.
    Yang, Y., Bao, F., Deng, R.H.: A new architecture for authentication and key exchange using password for federated enterprise. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IFIP AICT, vol. 181, pp. 95–111. Springer, Heidelberg (2005)Google Scholar
  31. 31.
    Yang, Y., Deng, R.H., Bao, F.: A practical password-based two-server authentication and key exchange system. IEEE Trans. Dependable and Secure Computing 3(2), 105–114 (2006)CrossRefGoogle Scholar
  32. 32.
    Yang, Y., Deng, R.H., Bao, F.: Fortifying password authentication in integrated healthcare delivery systems. In: Proc. ASIACCS 2006, pp. 255–265 (2006)Google Scholar
  33. 33.
    Yi, X., Tso, R., Okamoto, E.: ID-based group password-authenticated key exchange. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 192–211. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  34. 34.
    Yi, X., Tso, R., Okamoto, E.: Identity-based password-authenticated key exchange for client/server model. In: SECRYPT 2012, pp. 45–54 (2012)Google Scholar
  35. 35.
    Yi, X., Ling, S., Wang, H.: Efficient two-server password-only authenticated key exchange. IEEE Trans. Parallel Distrib. Syst. 24(9), 1773–1782 (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Xun Yi
    • 1
  • Feng Hao
    • 2
  • Elisa Bertino
    • 3
  1. 1.School of CS and ITRMIT UniversityAustralia
  2. 2.School of Computing ScienceNewcastle UniversityUK
  3. 3.Department of Computer SciencePurdue UniversityUSA

Personalised recommendations