THREE-PARTY PASSWORD-AUTHENTICATED KEY EXCHANGE WITHOUT RANDOM ORACLES

Xun Yi, Raylin Tso, Eiji Okamoto

Abstract

Password-authenticated key exchange (PAKE) in the 3-party setting is where two clients, who do not share a password between themselves but only with a server, establish a common session key with the help of the server. Abdalla, Fouque and Pointcheval were the first formally to address 3-party PAKE issue and presented a natural and generic construction from any 2-party PAKE protocols. Soon after, Abdalla and Pointcheval presented a more efficient 3-party PAKE protocol and proved its security in the random oracle model. In this paper, we present a new 3-party PAKE protocol on the basis of identity-based encryption and ElGamal encryption schemes. In our protocol, the client needs to remember passwords and the server’s identity only while the server keeps passwords in addition to a private key related to its identity. We have put forth a formal model of security for ID-based 3-party PAKE, and provided a rigorous proof of security for our protocol without random oracles.

References

  1. Abdalla, M., Fouque, P. A., and Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. In Proc. PKC'05, pages 65-84.
  2. Abdalla, M., Fouque, P. A., and Pointcheval, D. (2006). Password-based authenticated key exchange in the three-party setting. IEE Proceedings in Information Security, 153(1):27-39.
  3. Abdalla, M. and Pointcheval, D. (2005). Interactive diffiehellman assumption with applications to passwordbased authentication. In Proc. FC'05, pages 341-356.
  4. Bellare, M., Pointcheval, D., and Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. In Proc. Eurocrypt'00, pages 139-155.
  5. Bellovin, S. M. and Merritt, M. (1992). Encrypted key exchange: Password-based protocol secure against dictionary attack. In Proc. 1992 IEEE Symposium on Research in Security and Privacy, pages 72-84.
  6. Bellovin, S. M. and Merritt, M. (1993). Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In Proc. CCS'93, pages 244-250.
  7. Boneh, D. and Franklin, M. (2001). Identity based encryption from the weil pairing. In Proc. Crypto'01, pages 213-229.
  8. Boneh, D. and Franklin, M. (2003). Identity based encryption from the weil pairing. SIAM Journal of Computing, 32(3):586-615.
  9. Boyko, V., Mackenzie, P., and Patel, S. (2000). Provably secure password-authenticated key exchange using diffie-hellman. In Proc. Eurocrypt'00, pages 156- 171.
  10. Bresson, E., Chevassut, O., and Pointcheval, D. (2003). Security proofs for an efficient password-based key exchange. In Proc. CCS'03.
  11. Bresson, E., Chevassut, O., and Pointcheval, D. (2004). New security results on encrypted key exchange. In Proc. PKC'04, pages 145-158.
  12. Byun, J. W., Jeong, I. R., Lee, D. H., and Park, C. S. (2002). Password-authenticated key exchange between clients with different passwords. In Proc. ICICS'02, pages 134-146.
  13. Diffie, W. and Hellman, M. (1976). New directions in cryptography. IEEE Trans. Information Theory, 22(6):644-654.
  14. ElGamal, T. (1985). A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory, 32(4):469472.
  15. Gentry, C. (2006). Practical identity-based encryption without random oracle. In Proc. Eurocrypt'06, pages 445- 464.
  16. Gong, L. (1995). Optimal authentication protocols resistant to password guessing attacks. In Proc. 8th IEEE Computer Security Foundations Workshop, pages 24-29.
  17. Gong, L., Lomas, T. M. A., Needham, R. M., and Saltzer, J. H. (1993). Protecting poorly-chosen secret from guessing attacks. IEEE J. on Selected Areas in Communications, 11(5):648-656.
  18. Huang, H. F. (1996). Strong password-only authenticated key exchange. ACM Computer Communication Review, 26(5):5-20.
  19. Huang, H. F. (2009). A simple three-party password-based key exchange protocol. International Journal of Communication Systems, 22(7):857862.
  20. Jablon, D. (1997). Extended password key exchange protocol immune to dictionary attack. In Proc. of WETICE'97, pages 248-255.
  21. Katz, J., Ostrovsky, R., and Yung, M. (2001). Efficient password-authenticated key exchange using humanmemorable passwords. In Proc. Eurocrypt'01, pages 457-494.
  22. Krawczyk, H. (2003). Sigma: The “sign-and-mac” approach to authenticated diffie-hellman and its use in the ike protocols. In Proc. Crypto'03, pages 17-21.
  23. Lin, C. L., Sun, H. M., and Hwang, T. (2000). Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating System Review, 34(4):12-20.
  24. Lucks, S. (1997). Open key exchange: How to defeat dictionary attacks without encryption public keys. In Security Protocol Workshop'97, pages 79-90.
  25. MacKenzie, P., Patel, S., and Swaminathan, R. (2000). Password-authenticated key exchange based on rsa. In Proc. Asiacrypt'00, pages 599-613.
  26. Nam, J., Kim, S., and Won, D. (2007). Security weakness in a three-party password-based key exchange protocol using weil pairing. Information Sciences: an International Journal, 177(6):1364-1375.
  27. Patel, S. (1997). Number-theoretic attack on secure password scheme. In Proc. IEEE Symposium on Research in Security and Privacy, pages 236-247.
  28. Steiner, M., Tsudik, G., and Widner, M. (1995). Refinement and extension of encrypted key exchange. ACM Operating System Review, 29(3):22-30.
  29. Wang, S., Wang, J., and Xu, M. (2004). Weakness of a password-authenticated key exchange protocol between clients with different passwords. In Proc. ACNS'04, pages 414-425.
  30. Waters, B. (2005). Efficient identity-based encryption without random oracles. In Proc. Eurocrypt'05, pages 114-127.
  31. Waters, B. (2009). Elgamal encryption. In CS395T Advanced Cryptography Lectures. http://userweb.cs.utexas.edu/˜rashid/395Tcrypt/2 1.pdf.
  32. Wen, H. A., Lee, T. F., and Hwang, T. (2005). Provably secure three-party password-based authentication key exchange protocol using weil pairing. IEE Proceeding - Communications, 152(2):138-143.
  33. Wu, T. (1998). The secure remote password protocol. In Proc. Internet Society Symp. on Network and Distributed System Security, pages 97-111.
  34. Yeh, H. T., Sun, H. M., and Hwang, T. (2003). Efficient three-party authentication and key agreement protocols resistant to password guessing attacks. Journal of Information Science and Engineering, 19(6):1059- 1070.
  35. Yi, X., Tso, R., and Okamoto, E. (2009). Id-based group password-authenticated key exchange. In Proc. IWSEC'09, pages 192-211.
  36. Yoon, E. J. and Yoo, K. Y. (2010). Cryptanalysis of a simple three-party password-based key exchange protocol. International Journal of Communication Systems.
Download


Paper Citation


in Harvard Style

Yi X., Tso R. and Okamoto E. (2011). THREE-PARTY PASSWORD-AUTHENTICATED KEY EXCHANGE WITHOUT RANDOM ORACLES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 15-24. DOI: 10.5220/0003446600150024


in Bibtex Style

@conference{secrypt11,
author={Xun Yi and Raylin Tso and Eiji Okamoto},
title={THREE-PARTY PASSWORD-AUTHENTICATED KEY EXCHANGE WITHOUT RANDOM ORACLES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={15-24},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003446600150024},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - THREE-PARTY PASSWORD-AUTHENTICATED KEY EXCHANGE WITHOUT RANDOM ORACLES
SN - 978-989-8425-71-3
AU - Yi X.
AU - Tso R.
AU - Okamoto E.
PY - 2011
SP - 15
EP - 24
DO - 10.5220/0003446600150024