Paper 2007/342

A New Security Model for Cross-Realm C2C-PAKE Protocol

Fengjiao Wang and Yuqing Zhang

Abstract

Cross realm client-to-client password authenticated key exchange (C2C-PAKE) schemes are designed to enable two clients in different realms to agree on a common session key using different passwords. In 2006, Yin-Bao presented the first provably secure cross-realm C2C-PAKE, which security is proven rigorously within a formally defined security model and based on the hardness of some computationally intractable assumptions. However, soon after, Phan et al. pointed out that the Yin-Bao scheme was flawed. In this paper, we first analyze the necessary security attributes in the cross-realm C2C-PAKE scenario, and then a new security model for cross-realm C2C-PAKE is given. Analogous to the general construction of 3PAKE protocol for single server C2C-PAKE setting, we give a general construction of cross-realm C2C-PAKE protocol, which security is proved in the new security model.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Password-authenticated key exchangecross realmclient-to-clientprovably securesecurity model.
Contact author(s)
wangfj @ nipc org cn
History
2007-09-05: received
Short URL
https://ia.cr/2007/342
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/342,
      author = {Fengjiao Wang and Yuqing Zhang},
      title = {A New Security Model for Cross-Realm {C2C}-{PAKE} Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/342},
      year = {2007},
      url = {https://eprint.iacr.org/2007/342}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.