Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.5.17

Light-Weight Password-Based Authenticated Key Exchange for Two Users using Different Passwords  

Kwon, Jeong-Ok (Graduate School of Information Management & Security CIST, Korea University)
Kim, Ki-Tak (Graduate School of Information Management & Security CIST, Korea University)
Jeong, Ik-Rae (Graduate School of Information Management & Security CIST, Korea University)
Lee, Dong-Hoon (Graduate School of Information Management & Security CIST, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.5, 2008 , pp. 17-30 More about this Journal
Abstract
In the paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact this amount of computation and the number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.
Keywords
Password-based key exchange; Dictionary attacks; Forward secrecy; Known-key secrecy;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. W. Byun, I. R. Jeong, D. H. Lee, and C.-S. Park. "Password-Authenticated Key Exchange between Clients with Different Passwords," In ICICS'02, LNCS 2513, pp. 134-146, 2002
2 Y. Ding, P. Horster. "Undetectable on-line password guessing attacks," ACM Operating Systems Review 29 (4):77-86 (1995)   DOI
3 M. Steiner, G. Tsudik, and M. Waidner. "Refinement and extension of encrypted key exchange," ACM SIGOPS Operating Systems Review, 29(3):22-30, July 1995   DOI
4 R. Canetti, O. Goldreich and S. Halevi. "On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes," In Pro. of 1st Theory of Cryptography Conference (TCC), LNCS 2951, pp. 40-57, 2004
5 C.-L. Lin, H.-M. Sun, M. Steiner, T. Hwang. "Three-party encrypted key exchange without server public-keys," IEEE Communication Letters 5 (12):497-499 (2001)   DOI   ScienceOn
6 M. Bellare and P. Rogaway. "Provably secure session key distribution - the three party case," In Pro. of the 28th Annual ACM Symposium on Theory of Computing, pp. 57-66, 1996
7 M. Abdalla and D. Pointcheval. "Interactive Diffie-Hellman assumptions with applications to password-based authentication," In Proc. of Financial Cryptography 2005, LNCS 3570, pp. 341-356, Springer-Verlag, 2005
8 R. Canetti, O. Goldreich, and S. Halevi. "The random oracle methodology, revisited," In Pro. of the 32nd Annual ACM Symposium on Theory of Computing, pp. 209-218, 1998
9 J. Katz, R. Ostrovsky, and M. Yung. "Forward secrecy in Password-only Key Exchange Protocols," In Pro. of SCN '02, LNCS 2576, pp. 29-44, Springer-Verlag, 2002
10 M. Bellare, D. Pointcheval and P. Rogaway. "Authenticated key exchange secure against dictionary attack," In Eurocrypt 00, LNCS 1807, pp. 139-155, Springer-Verlag, 2000
11 O. Goldreich and Y. Lindell. "Session-Key Generation using Human Passwords Only," In Pro. of Crypto '01, LNCS 2139, pp. 408-432. Springer-Verlag, 2001
12 J. O. Kwon, I. R. Jeong, K. Sakurai, D. H. Lee, "Efficient Verifier-Based Password-Authenticated Key Exchange in the Three-Party Setting", Computer Standards & Interfaces, vol. 29 (5), pp. 513-520, 2007   DOI   ScienceOn
13 J. Katz, R. Ostrovsky, and M. Yung. "Efficient password-authenticated key exchange using human-memorable passwords," In Pro. of Eurocrypt'01, LNCS 2045, pp. 475-494, 2001
14 M. Abdalla, P.-A. Fouque, D. Pointcheval. "Password-Based Authenticated Key Exchange in the Three-Party Setting," In PKC'05, LNCS 3386, pp. 65-84, 2005
15 M. Bellare and P. Rogaway. "Random oracles are practical:a paradigm for designing efficient protocols," In Proc. of 1st Conference on Computer and Communications Security, pp. 62-73, ACM, 1993
16 J. B. Nielsen. "Separating Random Oracle Proofs from Complexity Theoretic Proofs:The Non-Committing Encryption Case," In Proc. of CRYPTO'02, LNCS 2442, pp. 111- 126, 2002
17 M. Abdalla, M. Bellare and P. Rogaway. "The oracle Diffie-Hellman assumption and an analysis of DHIES," CT-RSA01, pp. 143-158, 2001
18 M. Abdalla, M. Bellare and P. Rogaway. "DHAES:an encryption scheme based on the Diffie-Hellman problem," Submission to IEEE P1363, 1998
19 S. Goldwasser and Y. Taumen. "On the (in)security of the Fiat-Shamir Paradigm," In Proc. of STOC '03, pp. 102-115, IEEE Computer Society, 2003