Cryptology ePrint Archive: Report 2001/031

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Jonathan Katz and Rafail Ostrovsky and Moti Yung

Abstract: We present an efficient password-authenticated key exchange protocol which is secure against off-line dictionary attacks even when users choose passwords from a very small space (say, a dictionary of English words). We prove security in the standard model under the decisional Diffie-Hellman assumption, assuming public parameters generated by a trusted party. Compared to the recent work of Goldreich and Lindell (which was the first to give a secure construction, under general assumptions, in the standard model), our protocol requires only 3 rounds and is efficient enough to be used in practice.

Category / Keywords: cryptographic protocols / key exchange, diffie-hellman, password

Publication Info: Eurocrypt, 2001.

Date: received 23 Apr 2001, last revised 26 Apr 2001

Contact author: jkatz at cs columbia edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Revised to indicate that this is an expanded version of the paper that will appear at Eurocrypt 2001.

Version: 20010515:150529 (All versions of this report)

Short URL: ia.cr/2001/031

Discussion forum: Show discussion | Start new discussion