DOI: 10.1007/11767480_10

Password based server aided key exchange

Published: 06 June 2006

Abstract

We propose a new password-based 3-party protocol with a formal security proof in the standard model. Under reasonable assumptions we show that our new protocol is more efficient than the recent protocol of Abdalla and Pointcheval (FC 2005), proven in the random oracle model. We also observe some limitations in the model due to Abdalla, Fouque and Pointcheval (PKC 2005) for proving security of such protocols.

References

[1] M. Abdalla, P.-A. Fouque, and D. Pointcheval. Password-based authenticated key exchange in the three-party setting. In Public Key Cryptography - PKC 2005, volume 3386 of LNCS, pages 65-84. Springer, 2005.
[2] M. Abdalla and D. Pointcheval. Interactive Diffie-Hellman assumptions with applications to password-based authentication. In Financial Cryptography and Data Security - FC 2005, volume 3570 of LNCS, pages 341-356. Springer, 2005. Full version: http://www.di.ens.fr/~pointche/pub.php?reference=AbPo05.
[3] M. Bellare, R. Canetti, and H. Krawczyk. A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the thirtieth annual ACM symposium on Theory of computing, pages 419-428. ACM Press, 1998. Full version: http://www-cse.ucsd.edu/users/mihir/papers/key-distribution.html.
[4] D. Boneh. The decision Diffie-Hellman problem. In Proceedings of the Third Algorithmic Number Theory Symposium, volume 1423 of LNCS, pages 48- Springer, 1998.
[5] M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In Advances in Cryptology - Eurocrypt 2000, volume 1807 of LNCS, pages 139-155. Springer, 2000.
[6] M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology - CRYPTO'93, volume 773 of LNCS, pages 232-249. Springer, 1993. Full version: www-cse.ucsd.edu/users/mihir.
[7] M. Bellare and P. Rogaway. Provably secure session key distribution - the three party case. In Proceedings of the 27th ACM Symposium on the Theory of Computing, pages 57-66. ACM Press, 1995.
[8] K.-K. R. Choo, C. Boyd, and Y. Hitchcock. Errors in computational complexity proofs for protocols. In Advances in Cryptology - Asiacrypt 2005, volume 3788 of LNCS, pages 624-643. Springer, 2005.
[9] K.-K. R. Choo, C. Boyd, and Y. Hitchcock. Examining indistinguishability-based proof models for key establishment protocols. In Advances in Cryptology - Asiacrypt 2005, volume 3788 of LNCS, pages 585-604. Springer, 2005.
[10] R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In Advances in Cryptology - Eurocrypt 2001, volume 2045 of LNCS, pages 453-474. Springer, 2001. http://eprint.iacr.org/2001/040.ps.gz.
[11] Y. Dodis, R. Gennaro, J. Håstad, H. Krawczyk, and T. Rabin. Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In Advances in Cryptology - CRYPTO 2004 Proceedings, volume 3152 of LNCS, pages 494-510. Springer, 2004.
[12] R. Gennaro, H. Krawczyk, and T. Rabin. Secure hashed Diffie-Hellman over non-DDH groups. In Advances in Cryptology - EUROCRYPT 2004 Proceedings, volume 3027 of LNCS, pages 361-381. Springer, 2004. Full version in: Cryptology ePrint Archive (http://eprint.iacr.org/2004/099), Report 2004/099.
[13] Y. Hitchcock, C. Boyd, and J. M. González Nieto. Modular proofs for key exchange: rigorous optimizations in the Canetti-Krawczyk model. Applicable Algebra in Engineering, Communication and Computing (AAECC) Journal, 2005. Special issue on Mathematical Techniques in Cryptology; http://dx.doi.org/10.1007/s00200-005-0185-9.
[14] S. Halevi and H. Krawczyk. Public-key cryptography and password protocols. ACM Trans. on Information and Systems Security, 2(3):230-268, 1999.
[15] Y. Hitchcock, Y. S. T. Tin, C. Boyd, J. M. González Nieto, and P. Montague. A password-based authenticator: Security proof and applications. In 4th International Conference on Cryptology in India - INDOCRYPT 2003, volume 2904 of LNCS. Springer, 2003.
[16] IEEE (Institute of Electrical and Electronics Engineers, Inc.). P1363.2: Standard specifications for password-based public-key cryptographic techniques (draft version d23), 2006. http://grouper.ieee.org/groups/1363/passwdPK/draft.html.
[17] J. Katz, R. Ostrovsky, and M. Yung. Efficient password-authenticated key exchange using human-memorable passwords. In Advances in Cryptology - EUROCRYPT 2001, volume 2045 of LNCS, pages 475-494. Springer, 2001.
[18] P. MacKenzie. The PAK suite: Protocols for password-authenticated key exchange. Technical Report 2002-46, DIMACS, 2002. ftp://dimacs.rutgers.edu/pub/dimacs/TechnicalReports/TechReports/2002/2002-46.ps.gz.

Cited By

  • (2017) End-to-End Passwords. Proceedings of the 2017 New Security Paradigms Workshop, pages 107-121. DOI: 10.1145/3171533.3171542. Online publication date: 1-Oct-2017
  • (2008) Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract). Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology, pages 172-184. DOI: 10.1007/978-3-540-89754-5_14. Online publication date: 14-Dec-2008
  • (2006) Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols. Proceedings of the 7th international conference on Cryptology in India, pages 104-117. DOI: 10.1007/11941378_9. Online publication date: 11-Dec-2006

Published In

ACNS'06: Proceedings of the 4th international conference on Applied Cryptography and Network Security
June 2006
485 pages
ISBN: 3540347038
Editors: Jianying Zhou, Moti Yung, Feng Bao

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

  1. key agreement
  2. password authentication
  3. three-party

Qualifiers

  • Article
