Password-authenticated key exchange (PAKE) protocols allow two parties to share common secret keys in an authenticated manner based on a memorizable password. In 1999, a PAKE protocol called simple authenticated key agreement (SAKA) was presented, and between then and 2004 several improved variants were presented to resist known attacks. In this paper, we present attacks on the variants proposed by Kim et al. and Ku-Wang that directly cause them to fail to achieve a mutually authenticated secret key between legitimate parties. These results are devastating, since achieving this is the basic security criterion that any key exchange should provide. We also show dictionary attacks on the original SAKA and all its variants. These dictionary attacks invalidate the basic security goals of these protocols, since a PAKE scheme must be secure against dictionary attacks because of the low entropy of the human-memorizable passwords being used.