A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol

At Indocrypt 2005, Viet et al., [20] have proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction both of which are designed for client's password-based authentication and anonymity against a passive server, who does not deviate the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t > 1, we propose a secure threshold anonymous PAKE (for short, TAP) protocol with the number of clients n upper-bounded, such that n ≤ 2√N - 1 - 1, where N is a dictionary size of passwords. We also show that the TAP protocol provides semantic security of session keys in the random oracle model, with the reduction to the computational Diffie-Hellman problem, as well as anonymity against a passive server. For the threshold t = 1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (not threshold) anonymous PAKE protocol [20].

[1]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[2]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[3]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[4]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[6]  Wen-Guey Tzeng,et al.  Efficient k-out-of-n Oblivious Transfer Schemes , 2005, J. Univers. Comput. Sci..

[7]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[8]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[9]  Hidema Tanaka,et al.  Anonymous Password-Based Authenticated Key Exchange , 2005, INDOCRYPT.

[10]  Wen-Guey Tzeng,et al.  Efficient 1-Out-n Oblivious Transfer Schemes , 2002, Public Key Cryptography.

[11]  Emmanuel Bresson,et al.  New Security Results on Encrypted Key Exchange , 2003, Public Key Cryptography.

[12]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[13]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[14]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[15]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[16]  Markus Jakobsson,et al.  Threshold Password-Authenticated Key Exchange , 2002, Journal of Cryptology.

[17]  Minh-Huyen Nguyen,et al.  The Relationship Between Password-Authenticated Key Exchange and Other Cryptographic Primitives , 2005, TCC.

[18]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[19]  Hugo Krawczyk,et al.  SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols , 2003, CRYPTO.

[20]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[21]  Jing Yang,et al.  A New Anonymous Password-Based Authenticated Key Exchange Protocol , 2008, INDOCRYPT.

[22]  Philip MacKenzie,et al.  On the Security of the SPEKE Password-Authenticated Key Exchange Protocol , 2001, IACR Cryptol. ePrint Arch..