Abstract
Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a hierarchical group PAKE protocol, nPAKE+, under the setting where each party shares an independent password with a trusted server. The nPAKE+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves a substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE+ enables every subgroup to obtain its own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wan, Z., Deng, R.H., Bao, F., Preneel, B. (2007). nPAKE+: A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords. In: Qing, S., Imai, H., Wang, G. (eds) Information and Communications Security. ICICS 2007. Lecture Notes in Computer Science, vol 4861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77048-0_3
DOI: https://doi.org/10.1007/978-3-540-77048-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77047-3
Online ISBN: 978-3-540-77048-0
eBook Packages: Computer Science, Computer Science (R0)