Abstract
Three-party password-based authenticated key exchange (3-party PAKE) protocols enable two communication parties, each shares a human-memorable password with a trusted server, to establish a common session key with the help of the trusted server. We propose a provably-secure 3-party PAKE protocol using bilinear pairings, and prove its security in the random oracle model. The proposed protocol requires four communication steps, which is more efficient than previous solutions in terms of communication complexity. In addition to the semantic security, we also present the authentication security to resist the undetectable on-line dictionary attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Abdalla, M., Fouque, P., Pointcheval, D.: Password-Based Authenticated Key Exchange in The Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication. In: Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proc. of IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Canetti, R., Halevi, S., Katz, J.: Universally Composable Password-Based Key Exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)
Chen, T., Lee, W., Chen, H.: A Round-And Computation-Efficient Three-Party Authenticated Key Exchange Protocol. Journal of System and Software 81(9), 1581–1590 (2008)
Kim, H., Choi, J.: Enhanced Password-Based Simple Three-Party Key Exchange Protocol. Computers and Electrical Engineering 35(1), 107–114 (2009)
Nam, J., Lee, Y., Kim, S., Won, D.: Security Weakness in a Three-Party Pairing-Based Protocol for Password Authenticated Key Exchange. Information Sciences 177(6), 1364–1375 (2007)
Needham, R.M., Schroeder, M.D.: Using Encryption for Authentication in Large Networks of Computers. Communications of the Association for Computing Machinery 21(12), 993–999 (1978)
Sun, H.M., Chen, B.C., Hwang, T.: Secure Key Agreement Protocols for Three-Party Against Guessing Attacks. The Journal of Systems and Software 75, 63–68 (2005)
Shin, S., Kobara, K., Imai, H.: Very-Efficient Anonymous Password-Authenticated Key Exchange And Its Extentions. In: Bras-Amorós, M., Høholdt, T. (eds.) AAECC 2009. LNCS, vol. 5527, pp. 149–158. Springer, Heidelberg (2009)
Sun, C.L., Sun, H.M., Hwang, T.: Three-Party Encrypted Key Exchange: Attacks And a Solution. ACM Operating System Review 34(4), 12–20 (2000)
Steiner, M., Tsudik, G., Waidner, M.: Refinement And Extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)
Wang, W., Hu, L.: Efficient And Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 118–132. Springer, Heidelberg (2006)
Wen, H.A., Lee, T.F., Hwang, T.: Provably Secure Three-Party Password-Based Authenticated Key Exchange Protocol Using Weil Pairing. IEEE Proceedings-Communications 152(2), 138–143 (2005)
Yoneyama, K.: Efficient And Strongly Secure Password-Based Server Aided Key Exchange. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 172–184. Springer, Heidelberg (2008)
Yang, J., Zhang, J.F.: A New Anonymous Password-Based Authenticated Key Exchange Protocol. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 200–212. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wei, F., Ma, C., Cheng, Q. (2010). Three-Party Password-Based Authenticated Key Exchange Protocol Based on Bilinear Pairings. In: Zhu, R., Zhang, Y., Liu, B., Liu, C. (eds) Information Computing and Applications. ICICA 2010. Lecture Notes in Computer Science, vol 6377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16167-4_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-16167-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16166-7
Online ISBN: 978-3-642-16167-4
eBook Packages: Computer ScienceComputer Science (R0)