IND-PCA Secure KEM Is Enough for Password-Based Authenticated Key Exchange (Short Paper)

  • Haiyang Xue
  • Bao Li
  • Xianhui Lu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)


Several frameworks for password-based authenticated key exchange (PAKE) in the common reference string model follow the work of Katz, Ostrovsky and Yung (Eurocrypt'01), and in all of them an IND-CCA-secure encryption scheme appears to be unavoidable when constructing PAKE in the standard model.

In this paper we show that an IND-PCA-secure key encapsulation mechanism (KEM), where IND-PCA denotes indistinguishability under plaintext-checkable attacks [1], suffices for PAKE; this notion is weaker, and easier to achieve, than IND-CCA-secure encryption. Our refined PAKE combines a smooth projective hash function on an IND-CPA-secure encryption scheme with an IND-PCA-secure KEM. Under the DDH assumption the total communication of the protocol is 6 group elements plus \(\log |D|\) bits (D is the password dictionary), whereas the most efficient previous PAKE requires 7 group elements.
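To make the "smooth projective hash function on IND-CPA-secure encryption" component concrete, the following is an added example (not code from the paper) of the Gennaro-Lindell/KOY-style SPHF on ElGamal, which is the DDH instantiation of that component. It checks the two properties that make an SPHF useful for PAKE: correctness (the party holding the encryption randomness computes the same hash as the party holding the hashing key, when the ciphertext encrypts the right password) and smoothness (with a wrong password the hash is unrelated to the projected value). The IND-PCA KEM component of the abstract's construction is not modelled. The group is a toy safe prime (p = 1019, assumed for illustration only), the dictionary `DICTIONARY` is a constructed sample, and the password encoding g^(index+1), the function names and the `run_exchange` skeleton are this example's own choices, not the paper's protocol.

```python
"""Added example (not code from the paper): Gennaro-Lindell/KOY-style smooth
projective hash function (SPHF) on ElGamal, the DDH instantiation of the
"SPHF on IND-CPA-secure encryption" component named in the abstract. The
IND-PCA KEM component is not modelled. Group parameters are a toy safe prime
(ASSUMPTION, illustration only; use a 2048-bit or larger group in practice).
"""
import secrets

P = 1019  # ASSUMPTION: toy safe prime p = 2q + 1
Q = 509   # prime order of the quadratic-residue subgroup
G = 4     # 2^2 is a quadratic residue, so G generates the order-q subgroup

# Constructed sample dictionary D. A password with index i in D is encoded as
# the group element g^(i+1), so distinct passwords map to distinct elements.
DICTIONARY = ["correct horse", "hunter2", "letmein"]


def pw_to_group(pw):
    return pow(G, DICTIONARY.index(pw) + 1, P)


def keygen(x=None):
    """ElGamal key pair (x, h = g^x); in a PAKE the public key sits in the CRS."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x
    return x, pow(G, x, P)


def encrypt(h, pw, r=None):
    """ElGamal ciphertext (u, e) = (g^r, h^r * M_pw) of the password element.
    The randomness r is the witness that c encrypts pw."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    u = pow(G, r, P)
    e = pow(h, r, P) * pw_to_group(pw) % P
    return (u, e), r


def hash_keygen(h, hk=None):
    """Hashing key hk = (alpha, beta) and projection key hp = g^alpha * h^beta."""
    hk = (secrets.randbelow(Q), secrets.randbelow(Q)) if hk is None else hk
    alpha, beta = hk
    hp = pow(G, alpha, P) * pow(h, beta, P) % P
    return hk, hp


def hash_value(hk, ct, pw):
    """Hash(hk, c, pw) = u^alpha * (e / M_pw)^beta; needs hk, not the witness r."""
    alpha, beta = hk
    u, e = ct
    m_inv = pow(pw_to_group(pw), -1, P)
    return pow(u, alpha, P) * pow(e * m_inv % P, beta, P) % P


def proj_hash(hp, r):
    """ProjHash(hp, c, r) = hp^r; needs the witness r, not hk."""
    return pow(hp, r, P)


def run_exchange(h, pw_a, pw_b, ra=None, rb=None, hka=None, hkb=None):
    """Key-agreement skeleton built from the SPHF (correctness illustration
    only: not the paper's protocol, no security claim). Each side sends
    (c, hp); its key multiplies the Hash of the peer's ciphertext by the
    ProjHash of its own ciphertext. Returns (K_A, K_B)."""
    ct_a, ra = encrypt(h, pw_a, ra)
    hk_a, hp_a = hash_keygen(h, hka)
    ct_b, rb = encrypt(h, pw_b, rb)
    hk_b, hp_b = hash_keygen(h, hkb)
    k_a = hash_value(hk_a, ct_b, pw_a) * proj_hash(hp_b, ra) % P
    k_b = proj_hash(hp_a, rb) * hash_value(hk_b, ct_a, pw_b) % P
    return k_a, k_b


if __name__ == "__main__":
    _, h = keygen()
    ct, r = encrypt(h, "hunter2")
    hk, hp = hash_keygen(h)
    # Correctness: with the right password, Hash equals ProjHash.
    print(hash_value(hk, ct, "hunter2") == proj_hash(hp, r))
    # Smoothness: with a wrong password, Hash is unrelated to hp^r.
    print(hash_value(hk, ct, "letmein") == proj_hash(hp, r))
    print(run_exchange(h, "hunter2", "hunter2"))
    print(run_exchange(h, "hunter2", "letmein"))
```

The algebra behind the checks: `hash_value` evaluates to g^{r·alpha}·h^{r·beta} exactly when e/M_pw equals h^r, which is hp^r; with a wrong password the extra factor (M_pw/M_pw')^beta remains, and since beta is hidden by hp the result is uniformly distributed from the adversary's view, which is what smoothness means and why a wrong guess yields no information about the session key. Each party's encryption randomness r is its only secret; nothing ever needs the ElGamal decryption key, which is why the public key can be a CRS element.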


Password-based authenticated key exchange · Smooth projective hash functions · IND-PCA secure KEM



Haiyang Xue is supported by the Foundation of Science and Technology on Communication Security Laboratory (9140C110206150C11049) and the National Natural Science Foundation of China (No. 61602473, 61502480, 61672019). Bao Li is supported by the Foundation of Science and Technology on Communication Security Laboratory (9140C110206150C11049) and the National Natural Science Foundation of China (No. 61379137). Xianhui Lu is supported by the National Natural Science Foundation of China (No. 61572495).


  1. Abdalla, M., Benhamouda, F., Pointcheval, D.: Public-key encryption indistinguishable under plaintext-checkable attacks. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 332–352. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_15
  2. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84 (1992)
  3. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_12
  4. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_11
  5. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  6. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_4
  7. Choi, S.G., Herranz, J., Hofheinz, D., Hwang, J.Y., Kiltz, E., Lee, D.H., Yung, M.: The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure. Inf. Process. Lett. 109(16), 897–901 (2009)
  8. Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_24
  9. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). doi: 10.1007/3-540-39200-9_33
  10. Groce, A., Katz, J.: A new framework for efficient password-based authenticated key exchange. In: ACM Conference on Computer and Communications Security, pp. 516–525 (2010)
  11. Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 637–653. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_37
  12. Jiang, S., Gong, G.: Password based key exchange with mutual authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 267–279. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30564-4_19
  13. Kurosawa, K., Desmedt, Y.: A new paradigm of hybrid encryption scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_26
  14. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_29
  15. Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01001-9_34
  16. Mei, Q., Li, B., Lu, X., Jia, D.: Chosen ciphertext secure encryption under factoring assumption revisited. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 210–227. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19379-8_13

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Data Assurance and Communication Security Research Center, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. Science and Technology on Communication Security Laboratory, Chengdu, China
  3. University of Chinese Academy of Sciences, Beijing, China
