Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols

Authors:
Weijia Wang;Lei Hu
Affiliations:
Graduate School of Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing, China;Graduate School of Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing, China
Venue:
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Year:
2006

Citing 13
Cited 11

Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
Session-Key Generation Using Human Passwords Only

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Password-Authenticated Key Exchange Based on RSA

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Security proofs for an efficient password-based key exchange

Proceedings of the 10th ACM conference on Computer and communications security
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography

fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

Electronic Notes in Theoretical Computer Science (ENTCS)
Provably Secure N-Party Authenticated Key Exchange in the Multicast DPWA Setting

Information Security and Cryptology
Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract)

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Three-party password-based authenticated key exchange protocol based on bilinear pairings

ICICA'10 Proceedings of the First international conference on Information computing and applications
Provably secure password-authenticated group key exchange with different passwords under standard assumption

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Stronger security model of group key agreement

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Server-aided password-authenticated key exchange: from 3-party to group

HI'11 Proceedings of the 2011 international conference on Human interface and the management of information - Volume Part I
How to construct secure and efficient three-party password-based authenticated key exchange protocols

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Gateway-oriented password-authenticated key exchange protocol with stronger security

ProvSec'11 Proceedings of the 5th international conference on Provable security
Provably secure three-party password-based authenticated key exchange protocol

Information Sciences: an International Journal
Provably secure three-party password authenticated key exchange protocol in the standard model

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Three-party password-based authenticated key exchange (3-party PAKE) protocols make two communication parties establish a shared session key with the help of a trusted server, with which each of the two parties shares a predetermined password. Recently, with the first formal treatment for 3-party PAKE protocols addressed by Abdalla et al., the security of such protocols has received much attention from cryptographic protocol researchers. In this paper, we consider the security of 3-party PAKE protocols against undetectable on-line dictionary attacks which are serious and covert threats for the protocals. We examine two 3-party PAKE schemes proposed recently by Abdalla et al. and reveal their common weakness in resisting undetectable on-line dictionary attacks. With reviewing the formal model for 3-party PAKE protocols of Abdalla et al. and enhancing it by adding the authentication security notion for the treatment of undetectable attacks, we then present an efficient generic construction for 3-party PAKE protocols, and prove it enjoys both the semantic security and the authentication security.