Cryptology ePrint Archive: Report 2013/649
Security Analysis of Password-Authenticated Key Retrieval
SeongHan Shin and Kazukuni Kobara
Abstract: A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a rememberable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only PAKR protocol (named PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (see also [11]) by showing that any passive/active attacker can find out the client's password and the static key with off-line dictionary attacks. This result is contrary to the security statement of PKRS-1 (see Chapter 10.2 of IEEE 1363.2 [9]).
Category / Keywords: cryptographic protocols / Password authentication, key retrieval, on-line/off-line dictionary attacks, IEEE 1363.2
Date: received 9 Oct 2013
Contact author: seonghan shin at aist go jp
Version: 20131015:063325
Short URL: ia.cr/2013/649