Abstract
Since the first password-based authenticated key exchange (PAKE) was proposed, it has attracted considerable interest from the cryptographic research community. To the best of our knowledge, most proposed PAKEs based on Diffie-Hellman key exchange require some public information, such as the generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, so clients must authenticate that public information before beginning the PAKE. This is cumbersome for users. Worse, it may introduce security problems into the PAKE, such as a substitution attack. To remove these problems, in this paper we present an efficient password-based authenticated key exchange protocol that needs no public information. We also provide a formal security analysis in the non-concurrent setting, covering basic security, mutual authentication, and forward secrecy, in the random oracle model.
Supported by National 863 Project of China, No.2006AA01Z424, National Natural Science Foundation of China, No.60673079 and No.60572155, Research Fund for the Doctoral Program of Higher Education, No.20060248008.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Shao, J., Cao, Z., Wang, L., Lu, R. (2007). Efficient Password-Based Authenticated Key Exchange Without Public Information. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_20
DOI: https://doi.org/10.1007/978-3-540-74835-9_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9