Design and analysis of a post-quantum secure three party authenticated key agreement protocol based on ring learning with error for mobile device

The Journal of Supercomputing

Abstract

A three-party authenticated key agreement (3PAKA) protocol enables two entities to establish a session key over an insecure channel with the assistance of a dedicated server. Recently, Islam et al. (J Inf Secur Appl 63:103026, 2021) proposed a post-quantum secure 3PAKA scheme based on Ring-LWE and proved that their protocol could fend off several typical security threats. Later, Rewal et al. (J Inf Secur Appl 75:103505, 2023) pointed out that this scheme is susceptible to password guessing attacks. However, we have found that Islam et al.'s protocol is not only insecure against password guessing attacks but also lacks user privacy and is susceptible to impersonation attacks. We also find that Rewal et al.'s scheme does not provide anonymity to users and uses timestamps for key freshness, which might cause a clock synchronization problem. In addition, there is a flaw in the password update phase of Rewal et al.'s scheme. We propose a 3PAKA protocol to overcome the vulnerabilities in the protocols mentioned above. We demonstrate that the new scheme strengthens security and mitigates all the existing defects of the Islam et al. and Rewal et al. protocols. Furthermore, the security comparison and performance analysis show that the proposed scheme offers a more effective solution than the existing schemes.

Data availability

No datasets were generated or analysed during the current study.

References

  1. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

  2. Chen CM, Fang W, Wang KH, Wu TY (2017) Comments on “an improved secure and efficient password and chaos-based two-party key agreement protocol”. Nonlinear Dyn 87:2073–2075

  3. Islam SKH (2014) Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn 78:2261–2276

  4. Liu Y, Xue K (2016) An improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn 84:549–557

  5. Zhao J, Gu D (2012) Provably secure three-party password-based authenticated key exchange protocol. Inf Sci 184(1):310–323

  6. Bellovin SM, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp 72–84

  7. Li X, Niu J, Kumari S, Khan MK, Liao J, Liang W (2015) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dyn 80:1209–1220

  8. Gong L (1995) Optimal authentification protocols resistant to password guessing attacks. In: Proceedings The Eighth IEEE Computer Security Foundations Workshop, pp 24–29, IEEE

  9. Gong L, Lomas MA, Needham RM, Saltzer JH (1993) Protecting poorly chosen secrets from guessing attacks. IEEE J Sel Areas Commun 11(5):648–656

  10. Juang WS, Wu JL (2008) Efficient user authentication and key agreement with user privacy protection. Int J Netw Secur 7(1):120–129

  11. Kwon T, Kang M, Jung S, Song J (1999) An improvement of the password-based authentication protocol (k1p) on security against replay attacks. IEICE Trans Commun 82(7):991–997

  12. Yong Z, Jianfeng M, Moon S (2010) An improvement on a three-party password-based key exchange protocol using weil pairing. Int J Netw Secur 11(1):17–22

  13. Lin CL, Sun HM, Steiner M, Hwang T (2001) Three-party encrypted key exchange without server public-keys. IEEE Commun Lett 5(12):497–499

  14. Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Oper Syst Rev 34(4):12–20

  15. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM SIGOPS Oper Syst Rev 29(4):77–86

  16. Lee TF, Hwang T, Lin CL (2004) Enhanced three-party encrypted key exchange without server public keys. Comput Secur 23(7):571–577

  17. Sun HM, Chen BC, Hwang T (2005) Secure key agreement protocols for three-party against guessing attacks. J Syst Softw 75(1–2):63–68

  18. Xu D, He D, Choo KMR, Chen J (2017) Provably secure three-party password authenticated key exchange protocol based on ring learning with error. Cryptology ePrint Archive, pp 2017/360. https://eprint.iacr.org/2017/360

  19. He D, Chen Y, Chen J (2013) An id-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. Arab J Sci Eng 38:2055–2061

  20. Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn 77:399–411

  21. Lee CC, Li CT, Chiu ST, Lai YM (2015) A new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 79:2485–2495

  22. Zheng Y, Hu S, Wei L, Chen Y, Wang H, Yang Y, Li Y, Xu B, Huang W, Chen L (2020) Design and analysis of a security-enhanced three-party authenticated key agreement protocol based on chaotic maps. IEEE Access 8:66150–66162

  23. Islam SKH (2015) Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf Sci 312:104–130

  24. Islam SKH, Amin R, Biswas GP, Farash MS, Li X, Kumari S (2017) An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J King Saud Univ Comput Inf Sci 29(3):311–324

  25. Xie Q, Lu Y, Tan X, Tang Z, Hu B (2018) Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps. PLoS ONE 13(10):e0203984

  26. Islam SKH, Basu S (2021) Pb-3paka: Password-based three-party authenticated key agreement protocol for mobile devices in post-quantum environments. J Inf Secur Appl 63:103026

  27. Chaudhary D, Kumar U, Saleem K (2023) A construction of three party post quantum secure authenticated key exchange using ring learning with errors and ECC Cryptography. IEEE Access IEEE

  28. Kumar U, Pal Y, Nikhil S, Garg M, Kumar R, Chaudhary D (2023) A construction of three party post quantum secure authenticated key exchange for mobile users. In: 14th International Conference on Computing Communication and Networking Technologies (ICCCNT) IEEE 1–7

  29. Rewal P, Singh M, Mishra D, Pursharthi K, Mishra A (2023) Quantum-safe three-party lattice based authenticated key agreement protocol for mobile devices. J Inf Secur Appl 75:103505

  30. Dabra V, Kumari S, Bala A, Yadav S (2024) SL3PAKE: simple lattice-based three-party password authenticated key exchange for post-quantum world. J Inf Secur Appl 84:103826

  31. Chaudhary D, Dadsena K, Padmavathi A, Hassan M, Alkhamees F, Kumar U (2024) Anonymous quantum safe construction of three party authentication and key agreement protocol for mobile devices. IEEE Access IEEE

  32. Micciancio D, Regev O (2007) Worst-case to average-case reductions based on gaussian measures. SIAM J Comput 37(1):267–302

  33. Zhang J, Zhang Z, Ding J, Snook M, Dagdelen Ö (2015) Authenticated key exchange from ideal lattices. In Advances in Cryptology-EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II 34, pp 719–751, Springer

  34. Ding J, Alsayigh S, Lancrenon J, Saraswathy RV, Snook M (2017) Provably secure password authenticated key exchange based on rlwe for the post-quantum world. In Topics in Cryptology–CT-RSA 2017: The Cryptographers’ Track at the RSA Conference 2017, San Francisco, CA, USA, February 14–17, 2017, Proceedings pp 183–204, Springer

  35. Lyubashevsky V, Peikert C, Regev O (2010) On ideal lattices and learning with errors over rings. In: Advances in Cryptology–EUROCRYPT 2010: 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30–June 3, 2010. Proceedings 29 pp 1–23, Springer

  36. Panchal G, Samanta D (2018) A novel approach to fingerprint biometric-based cryptographic key generation and its applications to storage security. Comput Electr Eng 69:461–478

  37. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  38. Kocher P, Jaffe J, Jun B, Rohatgi P (2011) Introduction to differential power analysis. J Cryptogr Eng 1:5–27

  39. Diffie W, Oorschot PCV, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Crypt 2(2):107–125

  40. Dabra V, Bala A, Kumari S (2020) Lba-pake: Lattice-based anonymous password authenticated key exchange for mobile devices. IEEE Syst J 15(4):5067–5077

  41. Lai H, Orgun MA, Xiao J, Pieprzyk J, Xue L, Yang Y (2014) Provably secure three-party key agreement protocol using chebyshev chaotic maps in the standard model. Nonlinear Dyn 77:1427–1439

  42. Doshi N, Kumari S, Mishra D, Li X, Choo KKR, Sangaiah AK (2017) A password based authentication scheme for wireless multimedia systems. Multimed Tools Appl 76:25893–25918

  43. Feng Q, He D, Zeadally S, Kumar N, Liang K (2018) Ideal lattice-based anonymous authentication protocol for mobile devices. IEEE Syst J 13(3):2775–2785

  44. Melchor CA, Barrier J, Guelton S, Guinet A, Killijian MO, Lepoint T (2016) Nfllib: Ntt-based fast lattice library. In Topics in Cryptology-CT-RSA 2016: The Cryptographers’ Track at the RSA Conference 2016, San Francisco, CA, USA, February 29-March 4, 2016, Proceedings pp 341–356, Springer

  45. Yang H, Zhang Y, Zhou Y, Fu X, Liu H, Vasilakos AV (2014) Provably secure three-party authenticated key agreement protocol using smart cards. Comput Netw 58:29–38

Author information

Contributions

All the authors have contributed equally.

Corresponding author

Correspondence to Manish Garg.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

About this article

Cite this article

Kumar, U., Garg, M. & Chaudhary, D. Design and analysis of a post-quantum secure three party authenticated key agreement protocol based on ring learning with error for mobile device. J Supercomput 81, 9 (2025). https://doi.org/10.1007/s11227-024-06467-1

  • DOI: https://doi.org/10.1007/s11227-024-06467-1
