Provably secure three-party password-based authenticated key exchange protocol

A three-party password-based authenticated key exchange (3PAKE) protocol lets two clients, each of whom shares only a password with a trusted server, establish a secure session key over a network. Most existing 3PAKE protocols, however, achieve only "heuristic" security: either no formal proof is given, or the proof rests on non-standard hardness assumptions. We propose a 3PAKE protocol that is provably secure under the computational Diffie-Hellman (CDH) assumption, and the proof holds in the 3eCK model, which grants the adversary more queries and more freedom than earlier models. Because the CDH assumption by itself yields no way to decide whether a given group element is a correct Diffie-Hellman value, our formal proof uses the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle for the reduction. To the best of our knowledge, ours is the first 3PAKE protocol proven secure under the CDH assumption and the first 3PAKE protocol whose security proof uses the trapdoor test technique.
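The trapdoor test that the abstract relies on can be shown concretely. The Python below is an added example written for this page, not code from the paper: it implements the Cash-Kiltz-Shoup trapdoor test over secp256k1, which is assumed here only as a convenient prime-order group (the paper does not specify one), using plain affine point arithmetic. All class and function names (`TrapdoorTest`, `ec_mul`, `demo`, and so on) are this example's own.

```python
# Added example (not from the paper): the Cash-Kiltz-Shoup trapdoor test.
# Group: secp256k1, y^2 = x^3 + 7 over GF(P), prime order N, base point G.
# The curve is an assumption of this example; any prime-order group works.
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)


def on_curve(A):
    if A is INF:
        return True
    x, y = A
    return (y * y - x * x * x - 7) % P == 0


def ec_add(A, B):
    """Affine point addition (handles identity, doubling, and inverses)."""
    if A is INF:
        return B
    if B is INF:
        return A
    ax, ay = A
    bx, by = B
    if ax == bx:
        if (ay + by) % P == 0:      # B == -A
            return INF
        lam = (3 * ax * ax) * pow(2 * ay, -1, P) % P   # tangent slope
    else:
        lam = (by - ay) * pow(bx - ax, -1, P) % P      # chord slope
    x = (lam * lam - ax - bx) % P
    y = (lam * (ax - x) - ay) % P
    return (x, y)


def ec_mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    k %= N
    R = INF
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R


def ec_neg(A):
    return INF if A is INF else (A[0], (-A[1]) % P)


def random_scalar():
    return secrets.randbelow(N - 1) + 1


class TrapdoorTest:
    """Given X1 (whose discrete log x1 is unknown to the holder), publish
    X2 = s*G - r*X1 for secret r, s. Then for any Y, Z1, Z2:
        r*Z1 + Z2 == s*Y
    holds whenever Z1 = x1*Y and Z2 = x2*Y (both DH values correct), and
    fails with probability at least 1 - 1/N otherwise. The holder can thus
    decide DH-correctness of the pair without knowing x1 or x2."""

    def __init__(self, X1):
        self.X1 = X1
        self.r = random_scalar()
        self.s = random_scalar()
        self.X2 = ec_add(ec_mul(self.s, G), ec_neg(ec_mul(self.r, X1)))

    def check(self, Y, Z1, Z2):
        return ec_add(ec_mul(self.r, Z1), Z2) == ec_mul(self.s, Y)


def demo():
    """Simulate the reduction: X1 is the CDH challenge (x1 is only used here
    to stand in for an honest peer), the simulator holds the trapdoor, and
    a party replies with a twin pair (Z1, Z2). Returns (correct pair passes,
    swapped pair passes)."""
    x1 = random_scalar()
    X1 = ec_mul(x1, G)             # the simulator sees X1 only
    tt = TrapdoorTest(X1)
    y = random_scalar()
    Y = ec_mul(y, G)
    Z1 = ec_mul(y, X1)             # = DH(X1, Y)
    Z2 = ec_mul(y, tt.X2)          # = DH(X2, Y)
    return tt.check(Y, Z1, Z2), tt.check(Y, Z2, Z1)


if __name__ == "__main__":
    print(demo())                  # (True, False)
```

In a CDH-based proof the simulator embeds its challenge as X1 and cannot compute x1, so without a DDH oracle it could not tell whether a group element the adversary submits (for example, inside a hash query) is the correct Diffie-Hellman value. Publishing X2 next to X1 and demanding the twin pair lets it decide this with r and s alone, at the cost of one false acceptance per query with probability 1/N, which is why the technique needs a prime-order group and why the proof loses only an additive term proportional to the number of queries.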

[1] Raphael C.-W. Phan et al., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE), 2008, Inf. Sci.

[2] Tatsuaki Okamoto et al., Authenticated Key Exchange and Key Encapsulation in the Standard Model, 2007, ASIACRYPT.

[3] Hugo Krawczyk et al., Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, 2001, EUROCRYPT.

[4] Hung-Min Sun et al., Secure key agreement protocols for three-party against guessing attacks, 2005, J. Syst. Softw.

[5] Zhenfu Cao et al., An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem, 2009, ASIACCS '09.

[6] Oded Regev et al., On lattices, learning with errors, random linear codes, and cryptography, 2009, JACM.

[7] Mihir Bellare et al., Authenticated Key Exchange Secure against Dictionary Attacks, 2000, EUROCRYPT.

[8] Lei Hu et al., Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols, 2006, INDOCRYPT.

[9] Hung-Min Sun et al., Three-party encrypted key exchange without server public-keys, 2001, IEEE Communications Letters.

[10] Colin Boyd et al., Password Based Server Aided Key Exchange, 2006, ACNS.

[11] Kee-Young Yoo et al., Efficient verifier-based key agreement protocol for three parties without server's public key, 2005, Appl. Math. Comput.

[12] David Cash et al., The Twin Diffie-Hellman Problem and Applications, 2008, EUROCRYPT.

[13] Zhenfu Cao et al., Simple three-party key exchange protocol, 2007, Comput. Secur.

[14] Jin-Young Choi et al., Enhanced password-based simple three-party key exchange protocol, 2009, Comput. Electr. Eng.

[15] Victor Shoup et al., Sequences of games: a tool for taming complexity in security proofs, 2004, IACR Cryptol. ePrint Arch.

[16] Yacov Yacobi, A Key Distribution "Paradox", 1990, CRYPTO.

[17] Changho Seo et al., A Three-Party Authenticated Key Exchange Scheme Smartcard using Elliptic Curve Cryptosystem for Secure Key Exchange in Wireless Sensor Network, 2007, 2007 IEEE International Symposium on Consumer Electronics.

[18] Yacov Yacobi et al., On Key Distribution Systems, 1989, CRYPTO.

[19] Zhenfu Cao et al., An Insider-Resistant Group Key Exchange Protocol without Signatures, 2009, 2009 IEEE International Conference on Communications.

[20] Chun-Li Lin et al., Enhanced three-party encrypted key exchange without server public keys, 2004, Comput. Secur.

[21] David Pointcheval et al., Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework, 2008, CT-RSA.

[22] Dongho Won et al., Security weakness in a three-party pairing-based protocol for password authenticated key exchange, 2007, Inf. Sci.

[23] Douglas R. Stinson et al., Cryptography: Theory and Practice, Second Edition, 2002.

[24] David Pointcheval et al., Password-Based Authenticated Key Exchange in the Three-Party Setting, 2005, Public Key Cryptography.

[25] Vadim Lyubashevsky et al., Lattice Signatures Without Trapdoors, 2012, IACR Cryptol. ePrint Arch.

[26] Chin-Chen Chang et al., An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem, 2009, Comput. Secur.

[27] Kristin E. Lauter et al., Stronger Security of Authenticated Key Exchange, 2006, ProvSec.

[28] Mihir Bellare et al., Provably secure session key distribution: the three party case, 1995, STOC '95.

[29] Kazuki Yoneyama, Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract), 2008, INDOCRYPT.

[30] Jonathan Katz et al., Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices, 2009, ASIACRYPT.

[31] Steven D. Galbraith et al., Implementing the Tate Pairing, 2002, ANTS.

[32] Wei-Pang Yang et al., A communication-efficient three-party password authenticated key exchange protocol, 2011, Inf. Sci.

[33] Steven M. Bellovin et al., Encrypted key exchange: password-based protocols secure against dictionary attacks, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[34] Wei-Bin Lee et al., A round- and computation-efficient three-party authenticated key exchange protocol, 2008, J. Syst. Softw.

[35] Dong Hoon Lee et al., One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange, 2006, Communications and Multimedia Security.

[36] Rafail Ostrovsky et al., Forward Secrecy in Password-Only Key Exchange Protocols, 2002, SCN.

[37] Sarvar Patel et al., Password-Authenticated Key Exchange Based on RSA, 2000, ASIACRYPT.

[38] Chuangui Ma et al., Password Authenticated Key Exchange Based on RSA in the Three-Party Settings, 2009, ProvSec.

[39] Hung-Min Sun et al., Three-party encrypted key exchange: attacks and a solution, 2000, OPSR.

[40] Douglas R. Stinson et al., Cryptography: Theory and Practice, 1995.

[41] Dong Hoon Lee et al., One-Round Protocols for Two-Party Authenticated Key Exchange, 2004, ACNS.

[42] Peter W. Shor et al., Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 1995, SIAM Rev.

[43] David Pointcheval et al., Simple Password-Based Encrypted Key Exchange Protocols, 2005, CT-RSA.

[44] Sarvar Patel et al., Number theoretic attacks on secure password schemes, 1997, Proceedings 1997 IEEE Symposium on Security and Privacy.

[45] Mihir Bellare et al., Entity Authentication and Key Distribution, 1993, CRYPTO.

[46] Alfred Menezes et al., Validation of Elliptic Curve Public Keys, 2003, Public Key Cryptography.

[47] Patrick Horster et al., Undetectable on-line password guessing attacks, 1995, OPSR.

[48] Jean-Sébastien Coron et al., The Random Oracle Model and the Ideal Cipher Model Are Equivalent, 2008, CRYPTO.

[49] Mark Zhandry et al., Random Oracles in a Quantum World, 2010, ASIACRYPT.

[50] David Pointcheval et al., Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication, 2005, Financial Cryptography.

[51] Chin-Chen Chang et al., A novel three-party encrypted key exchange protocol, 2004, Comput. Stand. Interfaces.

[52] Sarvar Patel et al., Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, 2000, EUROCRYPT.

[53] Berkant Ustaoglu et al., Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS, 2008, Des. Codes Cryptogr.

[54] Jintai Ding et al., A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem, 2012, IACR Cryptol. ePrint Arch.

[55] Gene Tsudik et al., Refinement and extension of encrypted key exchange, 1995, OPSR.

[56] Alfred Menezes et al., On the Importance of Public-Key Validation in the MQV and HMQV Key Agreement Protocols, 2006, INDOCRYPT.

[57] Hugo Krawczyk et al., HMQV: A High-Performance Secure Diffie-Hellman Protocol, 2005, CRYPTO.

[58] Tzonelih Hwang et al., Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, 2005.

[59] Jooyoung Lee et al., An Efficient Authenticated Key Exchange Protocol with a Tight Security Reduction, 2008, IACR Cryptol. ePrint Arch.

[60] Chris Peikert et al., On Ideal Lattices and Learning with Errors over Rings, 2010, EUROCRYPT.

[61] Xiaoni Du et al., A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges, 2010, Inf. Sci.