论文信息 - Cryptanalysis of some client-to-client password-authenticated key exchange protocols

Cryptanalysis of some client-to-client password-authenticated key exchange protocols

The cross-domain client-to-client password-authenticated key exchange (C2C-PAKE) protocols allow two client entities from different domains to establish a shared common session key based on their passwords. Most existing schemes make an improvement based on the prototype of the C2C-PAKE protocol proposed by Byun2007[1]. Recently, Feng et al[2] and Liu et al[3] respectively proposed an efficient C2C-PAKE protocol which was based on the public key mechanism. In this paper, by cryptanalysis on these schemes, we find that the above protocols are easy to suffer from some unknown key share attacks, and furthermore, we search out the reasons that cause these situations happened and give some suggestions to improve these situations.

Qiaoyan Wen | Xiaobiao Li

[1] Masato Kitakami,et al. Error Recovery Method for Multiple-Dictionary Compression Method , 2007 .

[2] Dengguo Feng,et al. A New Client-to-Client Password-Authenticated Key Agreement Protocol , 2009, IWCC.

[3] Dong Hoon Lee,et al. Password-Authenticated Key Exchange between Clients with Different Passwords , 2002, ICICS.

[4] Chang Guiran,et al. An Efficient Client-to-Client Password-Authenticated Key Exchange Resilient to Server Compromise , 2007, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007).

[5] Zhou Fucai. An Improved Cross-Realm Client-to-Client Password-Authenticated Key Exchange Protocol , 2009 .

[6] Bo Zhang,et al. Cryptanalysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols , 2009, J. Networks.

[7] Dong Hoon Lee,et al. Three-Party Password Authenticated Key Agreement Resistant to Server Compromise , 2006, WISA.

[8] Dong Hoon Lee,et al. EC2C-PAKA: An efficient client-to-client password-authenticated key agreement , 2007, Inf. Sci..

[9] Raphael C.-W. Phan,et al. Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme , 2005, ACNS.

[10] Dongho Won,et al. Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords , 2004, ICCSA.