Cryptology ePrint Archive: Report 2004/233

Password-Based Authenticated Key Exchange in the Three-Party Setting

Michel Abdalla and Pierre-Alain Fouque and David Pointcheval

Abstract: Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to on-line guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared between two users during its on-line attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only. In this paper, we consider password-based authenticated key exchange in the three-party scenario, in which the users trying to establish a secret do not share a password between themselves but only with a trusted server. Towards our goal, we recall some of the existing security notions for password-based authenticated key exchange protocols and introduce new ones that are more suitable to the case of generic constructions. We then present a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and prove its security without making use of the Random Oracle model. To the best of our knowledge, the new protocol is the first provably-secure password-based protocol in the three-party setting.

Category / Keywords: cryptographic protocols / Password, authenticated key exchange, key distribution, multi-party protocols.

Date: received 13 Sep 2004

Contact author: Michel Abdalla at ens fr

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20040913:173010 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]