Forward Secure Password-Based Authenticated Key Distribution in the Three-Party Setting

Authors:
Shuhua Wu;Yuefei Zhu
Affiliations:
Department of Networks Engineering, Zhengzhou Information Science Technology Institute, Zhengzhou, China 450002;Department of Networks Engineering, Zhengzhou Information Science Technology Institute, Zhengzhou, China 450002
Venue:
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
Year:
2008

Citing 14
Cited 0

Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Three-party encrypted key exchange: attacks and a solution

ACM SIGOPS Operating Systems Review
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes

PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Provably secure password-based authentication in TLS

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Examining indistinguishability-based proof models for key establishment protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Simple password-based encrypted key exchange protocols

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Password-Based group key exchange in a constant number of rounds

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Key establishment protocols are used for distributing shared keying material in a secure manner. In 1995, Bellare and Rogaway presented a three-party server-based key distribution (3PKD) protocol. But the protocol was recently found insecure and then was fixed by Raymond Choo et al.. But forward-secrecy is not considered in the revised protocol. In this paper, we demonstrate that it is not forward secure indeed. We then revise the protocol to be a password-based authenticated key distribution in the three-party setting and prove our protocol is forward secure in the random-oracle and ideal-cipher models under the Password-based Chosen-basis Gap Diffie-Hellman assumption. Our protocol is quite simple and elegant, and rather efficient when compared to previous solutions.