Skip to main content
SpringerLink
Log in

Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols

  • Conference paper
Progress in Cryptology - INDOCRYPT 2006 (INDOCRYPT 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4329))

Included in the following conference series:

Abstract

Three-party password-based authenticated key exchange (3-party PAKE) protocols make two communication parties establish a shared session key with the help of a trusted server, with which each of the two parties shares a predetermined password. Recently, with the first formal treatment for 3-party PAKE protocols addressed by Abdalla et al., the security of such protocols has received much attention from cryptographic protocol researchers. In this paper, we consider the security of 3-party PAKE protocols against undetectable on-line dictionary attacks which are serious and covert threats for the protocals. We examine two 3-party PAKE schemes proposed recently by Abdalla et al. and reveal their common weakness in resisting undetectable on-line dictionary attacks. With reviewing the formal model for 3-party PAKE protocols of Abdalla et al. and enhancing it by adding the authentication security notion for the treatment of undetectable attacks, we then present an efficient generic construction for 3-party PAKE protocols, and prove it enjoys both the semantic security and the authentication security.

This work was supported by NSFC(60373041,60573053).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  3. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

    Google Scholar 

  5. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: ACM Symposium on Theory of Computing - STOC 1995, pp. 57–66. ACM Press, New York (1995)

    Chapter  Google Scholar 

  6. Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)

    Chapter  Google Scholar 

  7. Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  8. Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM Conference on Computer and Communications Security, CCS 2003, pp. 241–250. ACM, New York (2003)

    Chapter  Google Scholar 

  9. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  10. Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  11. Jablon, D.P.: Strong password-only authenticated key exchange. ACM Computer Communication Review 26, 5–26 (1996)

    Article  Google Scholar 

  12. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  13. Lin, C.-L., Sun, H.-M., Steiner, M., Hwang, T.: Three-party encrypted key exchange without server public-keys. IEEE Communication Letters 5(12), 497–499 (2001)

    Article  Google Scholar 

  14. MacKenzie, P.D.: The pak suite: Protocols for password-authenticated key exchange. In: Submission to IEEE P1363.2 (2002)

    Google Scholar 

  15. MacKenzie, P.D., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on rsa. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 599–613. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  16. Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of encrypted key exchange. Operating Systems Review 29(3), 22–30 (1995)

    Article  Google Scholar 

  17. Yeh, H.-T., Sun, H.-M., Hwang, T.: Efficient three-party authentication and key agreement protocols resistant to password guessing attacks. J. Inf. Sci. Eng. 19(6), 1059–1070 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate School of Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing, 100049, China

    Weijia Wang & Lei Hu

Authors
  1. Weijia Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lei Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Statistical Institute, 205, B.T. Road, Kolkata, India

    Rana Barua

  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, P.O. Box 513, 5600, Eindhoven, MB, Netherlands

    Tanja Lange

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, W., Hu, L. (2006). Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols. In: Barua, R., Lange, T. (eds) Progress in Cryptology - INDOCRYPT 2006. INDOCRYPT 2006. Lecture Notes in Computer Science, vol 4329. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11941378_10

Download citation

  • DOI: https://doi.org/10.1007/11941378_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49767-7

  • Online ISBN: 978-3-540-49769-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation