Password Authentication Using One-Time Key-Based Signature and Homomorphic Encryption

  • Jong-Hyuk Im
  • Mun-Kyu Lee
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)


User authentication is a process for a system to verify the identity of a claimed user and to give access permission. Although there are many other authentication methods such as biometrics and physical tokens, passwords are still being used in many applications due to easy deployment. To enhance the security against possible attacks such as an off-line dictionary attack, passwords are usually stored in a hashed form using a random nonce called a salt. However, this does not completely solve the security issue. In this paper, we propose a new password-based authentication method using homomorphic encryption where a password is stored in a remote server in an encrypted form and an input password is compared with the stored one on the encrypted domain. For this purpose, we also propose a new cryptographic primitive called one-time private key-based digital signature.





Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of Computer and Information Engineering, Inha University, Incheon, South Korea
