Paper 2010/055

Credential Authenticated Identification and Key Exchange

Jan Camenisch, Nathalie Casati, Thomas Gross, and Victor Shoup


Secure two-party authentication and key exchange are fundamental problems. Traditionally, the parties authenticate each other by means of their identities, using a public-key infrastucture (PKI). However, this is not always feasible or desirable: an appropriate PKI may not be available, or the parties may want to remain anonymous, and not reveal their identities. To address these needs, we introduce the notions of credential-authenticated identification (CAID) and key exchange (CAKE), where the compatibility of the parties' \emph{credentials} is the criteria for authentication, rather than the parties' \emph{identities} relative to some PKI. We formalize CAID and CAKE in the universal composability (UC) framework, with natural ideal functionalities, and we give practical, modularly designed protocol realizations. We prove all our protocols UC-secure in the adaptive corruption model with erasures, assuming a common reference string (CRS). The proofs are based on standard cryptographic assumptions and do not rely on random oracles. CAKE includes password-authenticated key exchange (PAKE) as a special case, and we present two new PAKE protocols. The first one is interesting in that it is uses completly different techniques than known practical PAKE protocols, and also achieves UC-security in the adaptive corruption model with erasures; the second one is the first practical PAKE protocol that provides a meaningful form of resilience against server compromise without relying on random oracles.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
key exchangeauthenticationanonymous credentialsPAKE
Contact author(s)
shoup @ cs nyu edu
2010-05-25: revised
2010-02-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Nathalie Casati and Thomas Gross and Victor Shoup},
      title = {Credential Authenticated Identification and Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2010/055},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.