Paper 2010/190

J-PAKE: Authenticated Key Exchange Without PKI

Feng Hao and Peter Ryan

Abstract

Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.

Note: The earlier version of the paper can be found at: http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf 2010-10-25: paper accepted by the TCS Journal - Springer Transactions on Computational Science after minor revision.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. A preliminary workshop version of the paper was presented at the 16th Workshop on Security Protocols, Cambridge, April 2008. This is a journal version of the paper. There is no technical change to the J-PAKE protocol.
Keywords
Password-Authenticated Key ExchangeEKESPEKEkey agreement
Contact author(s)
haofeng66 @ gmail com
History
2010-10-25: last of 2 revisions
2010-04-09: received
See all versions
Short URL
https://ia.cr/2010/190
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/190,
      author = {Feng Hao and Peter Ryan},
      title = {J-PAKE: Authenticated Key Exchange Without PKI},
      howpublished = {Cryptology ePrint Archive, Paper 2010/190},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/190}},
      url = {https://eprint.iacr.org/2010/190}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.