Abstract
At Indocrypt 2005, Viet et al. first proposed an anonymous password-based key exchange protocol, APAKE, and its extension, k-out-of-n APAKE. Shin et al. then presented an improved protocol, TAP. In this paper, we first show that the TAP protocol is vulnerable to two attacks. One is an impersonation attack and the other is an off-line dictionary attack, which also applies to k-out-of-n APAKE. Furthermore, we propose a novel anonymous password-based key exchange protocol and prove its security in the random oracle model under the square computational Diffie-Hellman assumption and the decision inverted-additive Diffie-Hellman assumption. We also extend our protocol to the distributed setting, which is secure against the proposed attacks.
The work is supported by National Natural Science Foundation of China (90604018, 60873261), National Basic Research Program (973) of China (2007CB311202), National High-Tech R&D Program (863) of China (2006AA01Z454), and National Key Technologies R&D Program of China (2006BAH02A02).
References
Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications to Password-based Authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)
Abdalla, M., et al.: Provably secure password-based authentication in TLS. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 35–45. ACM Press, New York (2006)
Bao, F., Deng, H.R., Zhu, H.F.: Variations of Diffie-Hellman Problem. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 301–312. Springer, Heidelberg (2003)
Bresson, E., Chevassut, O., Pointcheval, D.: Security Proofs for an Efficient Password-Based Key Exchange. In: Proceedings of the 10th ACM Conference on Computer and Communications Security 2003, pp. 241–250. ACM Press, New York (2003)
Bresson, E., Chevassut, O., Pointcheval, D.: New Security Results on Encrypted Key Exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)
Boyd, C., Mathuria, A.: Protocols for authentication and key establishment. Springer, Heidelberg (2003)
Chai, Z.C., Cao, Z.F., Lu, R.X.: Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy. In: Cheng, X., Li, W., Znati, T. (eds.) WASA 2006. LNCS, vol. 4138, pp. 467–477. Springer, Heidelberg (2006)
MacKenzie, P.: On the Security of the SPEKE Password-authenticated Key Exchange Protocol. In: IACR ePrint archive, http://eprint.iacr.org/2001/057/
Shin, S., Kobara, K., Imai, H.: A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 444–458. Springer, Heidelberg (2007)
Tzeng, W.G.: Efficient 1-Out-n Oblivious Transfer Schemes. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 159–171. Springer, Heidelberg (2002)
Viet, D.Q., Yamamura, A., Hidema, T.: Anonymous Password-Based Authenticated Key Exchange. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 244–257. Springer, Heidelberg (2005)
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, J., Zhang, Z. (2008). A New Anonymous Password-Based Authenticated Key Exchange Protocol. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds) Progress in Cryptology - INDOCRYPT 2008. INDOCRYPT 2008. Lecture Notes in Computer Science, vol 5365. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89754-5_16
DOI: https://doi.org/10.1007/978-3-540-89754-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89753-8
Online ISBN: 978-3-540-89754-5
eBook Packages: Computer Science, Computer Science (R0)