Password-authenticated key exchange based on RSA

Special Issue Paper
International Journal of Information Security

Abstract

There have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only ones that have been proven secure against offline dictionary attacks were based on Diffie–Hellman key exchange. We examine how to design a secure password-authenticated key exchange protocol based on RSA. In this paper, we first look at the OKE and protected-OKE protocols (both RSA-based) and show that they are insecure. Then we show how to modify the OKE protocol to obtain a password-authenticated key exchange protocol that can be proven secure (in the random oracle model). This protocol is very practical; in fact, it requires about the same amount of computation as the Diffie–Hellman-based protocols. Finally, we present an augmented protocol that is resilient to server compromise, meaning (informally) that an attacker who compromises a server would not be able to impersonate a client, at least not without running an offline dictionary attack against that client’s password.




Correspondence to Ram Swaminathan.

Additional information

An earlier version of this paper appeared in Asiacrypt 2000.


Cite this article

MacKenzie, P., Patel, S. & Swaminathan, R. Password-authenticated key exchange based on RSA. Int. J. Inf. Secur. 9, 387–410 (2010). https://doi.org/10.1007/s10207-010-0120-3
