One of the prominent advantages of password-only two-server authenticated key exchange is that the user password remains secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient, with a total of eight communication rounds in one protocol run. However, its security assumptions are strong: it assumes that one particular server cannot be compromised by an active adversary, and that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new protocol removes these assumptions, but in return pays a very high price in communication overhead: it takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains whether it is possible to build a protocol that significantly reduces the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumptions introduced. The protocol requires only six communication rounds without increasing the computational complexity.