Cryptology ePrint Archive: Report 2010/190

J-PAKE: Authenticated Key Exchange Without PKI

Feng Hao and Peter Ryan

Abstract: Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.

Category / Keywords: cryptographic protocols / Password-Authenticated Key Exchange, EKE, SPEKE, key agreement

Publication Info: A preliminary workshop version of the paper was presented at the 16th Workshop on Security Protocols, Cambridge, April 2008. This is a journal version of the paper. There is no technical change to the J-PAKE protocol.

Date: received 6 Apr 2010, last revised 25 Oct 2010

Contact author: haofeng66 at gmail com

Available format(s): PDF | BibTeX Citation

Note: The earlier version of the paper can be found at: http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf

2010-10-25: paper accepted by the TCS Journal - Springer Transactions on Computational Science after minor revision.

Version: 20101025:211418 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]