Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Public-key cryptography and password protocols: the multi-user case
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Two-Party Generation of DSA Signatures
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Threshold Password-Authenticated Key Exchange
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Password-Authenticated Key Exchange Based on RSA
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
An Efficient Two-Party Public Key Cryptosystem Secure against Adaptive Chosen Ciphertext Attack
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Networked Cryptographic Devices Resilient to Capture
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
The random oracle methodology, revisited
Journal of the ACM (JACM)
A new two-server approach for authentication with short secrets
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure threshold password-authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A framework for password-based authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Proofs for two-server password authentication
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Fortifying password authentication in integrated healthcare delivery systems
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A new framework for efficient password-based authenticated key exchange
Proceedings of the 17th ACM conference on Computer and communications security
Round-optimal password-based authenticated key exchange
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Password-protected secret sharing
Proceedings of the 18th ACM conference on Computer and communications security
A scalable password-based group key exchange protocol in the standard model
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A method for making password-based key exchange resilient to server compromise
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Robust smart-cards-based user authentication scheme with user anonymity
Security and Communication Networks
Efficient password authenticated key exchange via oblivious transfer
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Practical yet universally composable two-server password-authenticated secret sharing
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
Typical protocols for password-based authentication assume a single server which stores all the information (e.g.), the password necessary to authenticate a user. Unfortunately, an inherent limitation of this approach (assuming low-entropy passwords are used) is that the user's password is exposed if this server is ever compromised. To address this issue, a number of schemes have been proposed in which a user's password information is shared among multiple servers, and these servers cooperate in a threshold manner when the user wants to authenticate. We show here a two-server protocol for this task assuming public parameters available to everyone in the system (as well as the adversary). Ours is the first provably-secure two-server protocol for the important password-only setting (in which the user need remember only a password, and not the servers' public keys), and is the first two-server protocol (in any setting) with a proof of security in the standard model.