STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Non-interactive zero-knowledge and its applications
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Universally composable two-party and multi-party secure computation
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Robust Non-interactive Zero Knowledge
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Password-Authenticated Key Exchange Based on RSA
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Adaptively-Secure Distributed Public-Key Systems
ESA '99 Proceedings of the 7th Annual European Symposium on Algorithms
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
A practical scheme for non-interactive verifiable secret sharing
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
Robust threshold DSS signatures
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Secure distributed key generation for discrete-log based cryptosystems
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Coercion-resistant electronic elections
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Fortifying password authentication in integrated healthcare delivery systems
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Provably secure threshold password-authenticated key exchange
Journal of Computer and System Sciences
A new two-server approach for authentication with short secrets
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
An Open Framework for Remote Electronic Elections
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
A Secure Construction for Threshold Anonymous Password-Authenticated Key Exchange
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Server-Controlled Identity-Based Authenticated Key Exchange
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
EAP using the split password-based authenticated key agreement
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Strengthening zero-knowledge protocols using signatures
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Provably secure threshold password-authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Secure applications of Pedersen's distributed key generation protocol
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
A secure threshold anonymous password-authenticated key exchange protocol
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Password authenticated key exchange by juggling
Security'08 Proceedings of the 16th International conference on Security protocols
A simple threshold authenticated key exchange from short secrets
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Remote authentication with forward security
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Two-Server password-only authenticated key exchange
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Proofs for two-server password authentication
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Password-Based user authentication protocol for mobile environment
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Threshold password-based authenticated group key exchange in gateway-oriented setting
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Coercion-resistant electronic elections
Towards Trustworthy Elections
Practical yet universally composable two-server password-authenticated secret sharing
Proceedings of the 2012 ACM conference on Computer and communications security
Practical Internet voting system
Journal of Network and Computer Applications
Proceedings of the 18th ACM symposium on Access control models and technologies
Single password authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an offline dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an offline dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.