Cryptology ePrint Archive: Report 2002/192

Security Proofs for an Efficient Password-Based Key Exchange

Emmanuel Bresson and Olivier Chevassut and David Pointcheval

Abstract: Password-based key exchange schemes are designed to provide entities communicating over a public network, and sharing a (short) password only, with a session key (e.g, the key is used for data integrity and/or confidentiality). The focus of the present paper is on the analysis of very efficient schemes that have been proposed to the IEEE P1363 Standard working group on password-based authenticated key-exchange methods, but for which actual security was an open problem. We analyze the AuthA key exchange scheme and give a complete proof of its security. Our analysis shows that the AuthA protocol and its multiple modes of operation are provably secure under the computational Diffie-Hellman intractability assumption, in both the random-oracle and the ideal-cipher models.

Category / Keywords: cryptographic protocols / key exchange, dictionary attack

Date: received 19 Dec 2002, last revised 23 Oct 2003

Contact author: David Pointcheval at ens fr

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20031023:192854 (All versions of this report)

Short URL: ia.cr/2002/192

Discussion forum: Show discussion | Start new discussion