Cryptology ePrint Archive: Report 2010/147

A New Framework for Password-Based Authenticated Key Exchange

Adam Groce and Jonathan Katz

Abstract: Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. The challenge in designing such protocols is that they must be immune to off-line dictionary attacks in which an eavesdropping adversary exhaustively enumerates the dictionary of likely passwords in an attempt to match a password to the set of observed transcripts.

To date, few general frameworks for constructing PAKE protocols in the standard model are known. Here, we abstract and generalize a protocol by Jiang and Gong to give a new methodology for realizing PAKE without random oracles, in the common reference string model. In addition to giving a new approach to the problem, the resulting construction offers several advantages over prior work. We also describe an extension of our protocol that is secure within the universal composability~(UC) framework and, when instantiated using El Gamal encryption, is more efficient than a previous protocol of Canetti et al.

Category / Keywords: cryptographic protocols / password-based key exchange

Publication Info: ACM CCCS 2010

Date: received 19 Mar 2010, last revised 22 Jun 2010

Contact author: jkatz at cs umd edu

Available format(s): PDF | BibTeX Citation

Version: 20100622:192646 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]