On the Use of a Hash Function in a 3-Party Password-Based Authenticated Key Exchange Protocol

  • Conference paper
Grid and Pervasive Computing (GPC 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7861)

Abstract

This paper is concerned with the security of a three-party password-authenticated key exchange protocol presented by Abdalla and Pointcheval in FC’05. Abdalla and Pointcheval’s protocol makes use of a hash function F whose outputs are elements of a cyclic group G of prime order. Such a hash function F can be constructed from a typical hash function in various ways. In this paper, we consider the case that $F(\cdot) = g^{h(\cdot)}$, where g is an arbitrary generator of G and h is a hash function such as SHA-1 and MD5. Our result is that such a construction of F immediately leads to the vulnerability of the Abdalla-Pointcheval protocol to an off-line dictionary attack. We also show how to address this weakness of the protocol.

This work was supported by Howon University in 2013.

References

  1. Abdalla, M., Bresson, E., Chevassut, O., Pointcheval, D.: Password-based group key exchange in a constant number of rounds. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 427–442. Springer, Heidelberg (2006)

  2. Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

  3. Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman assumptions with applications to password-based authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)

  4. Bellare, M., Rogaway, P.: The AuthA protocol for password-based authenticated key exchange. Contributions to IEEE P1363 (2000)

  5. Bellovin, S., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)

  6. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)

  7. Lin, C., Sun, H., Hwang, T.: Three-party encrypted key exchange: Attacks and a solution. ACM SIGOPS Operating Systems Review 34(4), 12–20 (2000)

  8. MacKenzie, P.: The PAK suite: Protocols for password-authenticated key exchange. Contributions to IEEE P1363.2 (2002)

  9. Nam, J., Paik, J., Kang, H., Kim, U., Won, D.: An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Communications Letters 13(3), 205–207 (2009)

  10. Nam, J., Paik, J., Won, D.: A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol. Information Sciences 181(1), 234–238 (2011)

  11. Yoneyama, K.: Efficient and strongly secure password-based server aided key exchange (Extended abstract). In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 172–184. Springer, Heidelberg (2008)

  12. Zhao, J., Gu, D.: Provably secure three-party password-based authenticated key exchange protocol. Information Sciences 184(1), 310–323 (2012)

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, Y., Won, D. (2013). On the Use of a Hash Function in a 3-Party Password-Based Authenticated Key Exchange Protocol. In: Park, J.J.(J.H.), Arabnia, H.R., Kim, C., Shi, W., Gil, JM. (eds) Grid and Pervasive Computing. GPC 2013. Lecture Notes in Computer Science, vol 7861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38027-3_80

  • DOI: https://doi.org/10.1007/978-3-642-38027-3_80

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38026-6

  • Online ISBN: 978-3-642-38027-3

  • eBook Packages: Computer Science, Computer Science (R0)
