Paper 2007/326

Efficient Password-based Authenticated Key Exchange without Public Information

Jun Shao, Zhenfu Cao, Licheng Wang, and Rongxing Lu

Abstract

Since the first password-based authenticated key exchange (PAKE) was proposed, it has enjoyed a considerable amount of interest from the cryptographic research community. To the best of our knowledge, most proposed PAKEs based on Diffie-Hellman key exchange need some public information, such as generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, which requires clients to authenticate this public information before beginning PAKE. This is cumbersome for users. What's worse, it may introduce security problems for PAKE, such as substitution attacks. To remove these problems, in this paper we present an efficient password-based authenticated key exchange protocol without any public information. We also provide a formal security analysis in the non-concurrent setting, including basic security, mutual authentication, and forward secrecy, using the random oracle model.

Note: An extended abstract of this paper appears in ESORICS 2007, J. Biskup and J. Lopez (Eds.), volume 4734 of LNCS, pp. 299-310, Springer-Verlag, 2007.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. An extended abstract of this paper appears in ESORICS 2007, J. Biskup and J. Lopez (Eds.), volume 4734 of LNCS, pp. 299-310, Springer-Verlag, 2007.
Keywords
PAKE
Contact author(s)
chn junshao @ gmail com
History
2007-08-20: received
Short URL
https://ia.cr/2007/326
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/326,
      author = {Jun Shao and Zhenfu Cao and Licheng Wang and Rongxing Lu},
      title = {Efficient Password-based Authenticated Key Exchange without Public Information},
      howpublished = {Cryptology ePrint Archive, Paper 2007/326},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/326}},
      url = {https://eprint.iacr.org/2007/326}
}