Practical Threshold Password-Authenticated Secret Sharing Protocol

  • Xun YiEmail author
  • Feng Hao
  • Liqun Chen
  • Joseph K. Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9326)


Threshold password-authenticated secret sharing (TPASS) protocols allow a client to secret-share a secret s among n servers and protect it with a password \(\mathsf {pw}\), so that the client can later recover s from any subset of t of the servers using the password \(\mathsf {pw}\), but so that no coalition smaller than t learns anything about s or can mount an offline dictionary attack on the password \(\mathsf {pw}\). Some TPASS protocols have appeared in the literature recently. The protocol by Bagherzandi et al. (CCS 2011) leaks the password if a client mistakenly executes the protocol with malicious servers. The first t-out-of-n TPASS protocol for any \(n>t\) that does not suffer from this shortcoming was given by Camenisch et al. (CRYPTO 2014). This protocol, proved to be secure in the UC framework, requires the client to involve in many communication rounds so that it becomes impractical for the client. In this paper, we present a practical TPASS protocol which is in particular efficient for the client, who only needs to send a request and receive a response. In addition, we have provided a rigorous proof of security for our protocol in the standard model.


Threshold password-authenticated secret sharing protocol ElGamal encryption scheme Shamir secret sharing scheme Diffie-Hellman problems 


  1. 1.
    Bagherzandi, A., Jarecki, S., Saxena, N., Lu, Y.: Password-protected secret sharing. In: ACM CCS 2011, pp. 433–444 (2011)Google Scholar
  2. 2.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Eurocrypt 2000, pp. 139–155 (2000)CrossRefGoogle Scholar
  3. 3.
    Brainard, J., Juels, A., Kaliski, B., Szydlo, M.: Nightingale: a new two-server approach for authentication with short secrets. In: 12th USENIX Security Symposium, pp. 201–213 (2003)Google Scholar
  4. 4.
    Camenisch, J., Lysyanskaya, A., Neven, G.: Practical yet universally composable two-server password-authenticated secret sharing. In: ACM CCS 2012, pp. 525–536 (2012)Google Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A., Lysyanskaya, A., Neven. G.: Memento: How to reconstruct your secrets from a single password in a hostile environment. In: Crypto 2014, pp. 256–275 (2014)Google Scholar
  6. 6.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 32(2), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  7. 7.
    ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Ford, W., Kaliski, B.S.: Server-assisted generation of a strong secret from a password. In: 5th IEEE International Workshop on Enterprise Security (2000)Google Scholar
  9. 9.
    Jablon, D.: Password authentication using multiple servers. In: CT-RSA 2001, pp. 344–360 (2001)CrossRefGoogle Scholar
  10. 10.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Eurocrypt 2001, pp. 457–494 (2001)Google Scholar
  11. 11.
    Katz, J., MacKenzie, P., Taban, G., Gligor, V.: Two-server password-only authenticated key exchange. In: ACNS 2005, pp. 1–16 (2005)Google Scholar
  12. 12.
    MacKenzie, P., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. J. Cryptol. 19(1), 27–66 (2006)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Di Raimondo, M., Gennaro, R.: Provably secure threshold password-authenticated key exchange. J. Comput. Syst. Sci. 72(6), 978–1001 (2006)MathSciNetCrossRefGoogle Scholar
  14. 14.
    RSA, The Security Division of EMC: New RSA innovation helps thwart "smash-and-grab" credential theft. Press release (2012)Google Scholar
  15. 15.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Yi, X., Ling, S., Wang, H.: Efficient two-server password-only authenticated key exchange. IEEE Trans. Parallel Distrib. Syst. 24(9), 1773–1782 (2013)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Yi, X., Hao, F., Bertino, E.: ID-based two-server password-authenticated key exchange. In: ESORICS 2014, pp. 257–276 (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.School of CS and ITRMIT UniversityMelbourneAustralia
  2. 2.School of Computing ScienceNewcastle UniversityNewcastle upon TyneUK
  3. 3.Hewlett-Packard LaboratoriesBristolUK
  4. 4.Faculty of Information TechnologyMonash UniversityMelbourneAustralia

Personalised recommendations