Cryptology ePrint Archive: Report 2000/057

Session-Key Generation using Human Passwords Only

Oded Goldreich and Yehuda Lindell

Abstract: We present session-key generation protocols in a model where the legitimate parties share {\em only} a human-memorizable password, and there is no additional setup assumption in the network. Our protocol is proven secure under the assumption that trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form ``is $w$ the password of Party $A$''. We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional setup assumptions.

Category / Keywords: cryptographic protocols / Session-key generation (authenticated key-exchange),

Publication Info: An extended abstract appeared in CRYPTO 2001. This is the full version.

Date: received 7 Nov 2000, last revised 25 Jan 2005

Contact author: lindell at cs biu ac il

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20050125:120104 (All versions of this report)

Short URL: ia.cr/2000/057

Discussion forum: Show discussion | Start new discussion