fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

Authors:
Zhoujun Li;Hua Guo;Xiyong Zhang
Affiliations:
School of Computer Science and Engineering, BeiHang University, BeiJing, China;School of Computer Science and Engineering, BeiHang University, BeiJing, China;Institute of Information Engineering, Information and engineer university, Zhengzhou, China
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2008

Citing 9
Cited 0

Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Efficient and provably secure client-to-client password-based key exchange protocol

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Client-to-client password authenticated key exchange (C2C-PAKE) protocol enables two clients who only share their passwords with their own servers to establish a shared key for their secure communications. Recently, Byun et al. and Yin-Li respectively proposed first provably secure C2C-PAKE protocols. However, both protocols are found to be vulnerable to undetectable online dictionary attacks and other attacks. In this paper, we present an efficient generic construction for cross-realm C2C-PAKE protocols and prove its security in the Random-or-Real model due to Abdalla et al., without making use of the Random Oracle model.