More Efficient Password-Authenticated Key Exchange

In this paper, we show various techniques for improving the efficiency of the PAK and PAK-X password-authenticated key exchange protocols while maintaining provable security. First, we show how to decrease the client-side computation by half in the standard PAK protocol (i.e., PAK over a subgroup of Zp). Then, we show a version of PAK that is provably secure against server compromise but is conceptually much simpler than the PAK-X protocol. Finally, we show how to modify the PAK protocol for use over elliptic curve and XTR groups, thus allowing greater efficiency compared to running PAK over a subgroup of Zp.
