fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

https://doi.org/10.1016/j.entcs.2008.04.066Get rights and content
Under a Creative Commons license
open access

Abstract

Client-to-client password authenticated key exchange (C2C-PAKE) protocol enables two clients who only share their passwords with their own servers to establish a shared key for their secure communications. Recently, Byun et al. and Yin-Li respectively proposed first provably secure C2C-PAKE protocols. However, both protocols are found to be vulnerable to undetectable online dictionary attacks and other attacks. In this paper, we present an efficient generic construction for cross-realm C2C-PAKE protocols and prove its security in the Random-or-Real model due to Abdalla et al., without making use of the Random Oracle model.

Keywords

Password-authenticated key exchange
cross realm
client-to-client
provably secure
general construction

Cited by (0)

Supported by the National Natural Science Foundation of China under Grant No. 60473057, 90604007, 60703075, 90718017 and Supported by The Research Fund for the Dectoral Program of Higher Education (No. 20070006055)