Paper 2013/649
Security Analysis of Password-Authenticated Key Retrieval
SeongHan Shin and Kazukuni Kobara
Abstract
A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, a client), who has a rememberable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, a server) that has a private key associated with the password. In this paper, we analyze the only PAKR protocol (named PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [11]) by showing that any passive/active attacker can find out the client's password and the static key with off-line dictionary attacks. This result is contrary to the security statement of PKRS-1 (see Chapter 10.2 of IEEE 1363.2 [9]).
Metadata
- Category: Cryptographic protocols
- Publication info: Preprint. MINOR revision.
- Keywords: Password authentication, key retrieval, on-line, off-line dictionary attacks, IEEE 1363.2
- Contact author(s): seonghan shin @ aist go jp
- History: 2013-10-15: received
- Short URL: https://ia.cr/2013/649
- License: CC BY
BibTeX
@misc{cryptoeprint:2013/649,
  author = {SeongHan Shin and Kazukuni Kobara},
  title = {Security Analysis of Password-Authenticated Key Retrieval},
  howpublished = {Cryptology {ePrint} Archive, Paper 2013/649},
  year = {2013},
  url = {https://eprint.iacr.org/2013/649}
}