J-PAKE: Authenticated Key Exchange without PKI

Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties based solely on a shared password, without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, several PAKE protocols are now available. The EKE and SPEKE schemes are perhaps the two most notable examples; both techniques are, however, patented. In this paper, we review these techniques in detail and summarize their various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all past solutions have avoided using ZKP out of concern for efficiency. We demonstrate how to integrate the ZKP effectively into the protocol design while still achieving good efficiency. Our protocol has computational efficiency comparable to the EKE and SPEKE schemes, with clear advantages in security.
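As an added illustration (not code from the paper or its authors), the following Python sketch shows the two-round structure the abstract refers to: each party's Diffie-Hellman contribution is sent with a Schnorr zero-knowledge proof of its exponent, and the password only enters in round two as a multiplier on one of the proven exponents. The group parameters, the password-to-integer mapping and the final key derivation are constructed toy choices for the example, not the paper's.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (far too small for real use):
# p = 2q + 1 is a safe prime and g = 4 generates the subgroup of prime order q.
P, Q, G = 1019, 509, 4

def challenge(*parts):  # Fiat-Shamir challenge in Z_q over the transcript parts
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def schnorr_prove(gen, x, X, ident):  # NIZK of knowledge of x with X = gen^x, bound to sender id
    v = secrets.randbelow(Q)
    V = pow(gen, v, P)
    return V, (v - x * challenge(gen, V, X, ident)) % Q

def schnorr_verify(gen, X, proof, ident):
    V, r = proof
    in_group = 0 < X < P and pow(X, Q, P) == 1  # X lies in the order-q subgroup
    return in_group and (pow(gen, r, P) * pow(X, challenge(gen, V, X, ident), P)) % P == V

class Party:
    def __init__(self, ident, password):
        self.id = ident
        self.s = int.from_bytes(hashlib.sha256(password).digest(), "big") % (Q - 1) + 1  # s in [1, q-1]
        self.x1 = secrets.randbelow(Q)          # x1 in [0, q-1]
        self.x2 = secrets.randbelow(Q - 1) + 1  # x2 in [1, q-1]
        self.g1, self.g2 = pow(G, self.x1, P), pow(G, self.x2, P)

    def round1(self):  # send g^x1, g^x2 with ZKPs for x1 and x2
        return (self.id, self.g1, schnorr_prove(G, self.x1, self.g1, self.id),
                self.g2, schnorr_prove(G, self.x2, self.g2, self.id))

    def round2(self, msg):
        pid, g3, p3, g4, p4 = msg
        if pid == self.id or g4 == 1 or not (schnorr_verify(G, g3, p3, pid) and schnorr_verify(G, g4, p4, pid)):
            raise ValueError("round 1 rejected")
        self.g3, self.g4 = g3, g4
        gen = (self.g1 * g3 * g4) % P           # new base g^(x1+x3+x4)
        xs = (self.x2 * self.s) % Q
        A = pow(gen, xs, P)                     # A = g^((x1+x3+x4) * x2 * s), with a ZKP for x2*s
        return self.id, A, schnorr_prove(gen, xs, A, self.id)

    def key(self, msg):  # K = (B / g4^(x2*s))^x2 = g^((x1+x3)*x2*x4*s), same on both sides
        pid, B, pB = msg
        gen = (self.g1 * self.g2 * self.g3) % P  # the peer's base g^(x1+x2+x3)
        if pid == self.id or not schnorr_verify(gen, B, pB, pid):
            raise ValueError("round 2 rejected")
        inner = B * pow(self.g4, (-self.x2 * self.s) % Q, P) % P
        return hashlib.sha256(str(pow(inner, self.x2, P)).encode()).digest()
```

A peer that cannot produce a valid proof for its round-two exponent (because it does not know s) is rejected before any key is derived, and replaying a party's own round-one message back to it fails the identity check.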
