Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Public-key cryptography and password protocols: the multi-user case
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
An Efficient Two-Party Public Key Cryptosystem Secure against Adaptive Chosen Ciphertext Attack
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The random oracle methodology, revisited
Journal of the ACM (JACM)
Threshold Password-Authenticated Key Exchange
Journal of Cryptology
Session-Key Generation Using Human Passwords Only
Journal of Cryptology
A framework for password-based authenticated key exchange1
ACM Transactions on Information and System Security (TISSEC)
Provably secure threshold password-authenticated key exchange
Journal of Computer and System Sciences
A new two-server approach for authentication with short secrets
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Password-authenticated key exchange based on RSA
International Journal of Information Security - Special Issue on Special Purpose Protocols;Guest Editor:Moti Yung
Password based key exchange with mutual authentication
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Proofs for two-server password authentication
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
New directions in cryptography
IEEE Transactions on Information Theory
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Provably secure three party encrypted key exchange scheme with explicit authentication
Information Sciences: an International Journal
Hi-index | 0.00 |
Typical protocols for password-based authentication assume a single server that stores all the information (e.g., the password) necessary to authenticate a user. An inherent limitation of this approach, assuming low-entropy passwords are used, is that the user@?s password is exposed if this server is ever compromised. To address this issue, it has been suggested to share a user@?s password information among multiple servers, and to have these servers cooperate (possibly in a threshold manner) when the user wants to authenticate. We show here a two-server version of the password-only key-exchange protocol of Katz, Ostrovsky, and Yung (the KOY protocol). Our work gives the first secure two-server protocol for the password-only setting (in which the user need remember only a password, and not the servers@? public keys), and is the first two-server protocol (in any setting) with a proof of security in the standard model. Our work thus fills a gap left by the work of MacKenzie et al. (2006) [31] and Di Raimondo and Gennaro (2006) [16]. As an additional benefit of our work, we show modifications that improve the efficiency of the original KOY protocol.