Paper 2015/1237

On the Security of One Password Authenticated Key Exchange Protocol

Stanislav V. Smyshlyaev, Igor B. Oshkin, Evgeniy K. Alekseev, and Liliya R. Ahmetzyanova

Abstract

In this paper the Security Evaluated Standardized Password Authenticated Key Exchange (SESPAKE) protocol is proposed (this protocol is approved in the standardization system of the Russian Federation) and its cryptographic properties are analyzed. The SESPAKE protocol includes a key agreement step and a key authentication step. We define a new indistinguishability-based adversary model with a threat of false authentication, which extends the original indistinguishability-based model to the case of protocols with an authentication step without key diversification. We prove the protocol's security under two types of threats: the classic threat of distinguishing a generated session key from a random string, and the threat of false authentication. This protocol is the first password authenticated key exchange (PAKE) protocol without key diversification for a full version of which a security proof has been obtained. The paper also contains a brief review of the known results on the analysis of cryptographic properties of PAKE protocols.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
key establishment, PAKE protocols
Contact author(s)
smyshsv @ gmail com
History
2015-12-31: received
Short URL
https://ia.cr/2015/1237
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1237,
      author = {Stanislav V.  Smyshlyaev and Igor B.  Oshkin and Evgeniy K.  Alekseev and Liliya R.  Ahmetzyanova},
      title = {On the Security of One Password Authenticated Key Exchange Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1237},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1237}},
      url = {https://eprint.iacr.org/2015/1237}
}