nPAKE+: A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords

Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose nPAKE+, a hierarchical group PAKE protocol, under the setting where each party shares an independent password with a trusted server. The nPAKE+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves a substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE+ enables every subgroup to obtain its own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.
