A Method for Making Password-Based Key Exchange Resilient to Server Compromise

  • Craig Gentry
  • Philip MacKenzie
  • Zulfikar Ramzan
Conference paper

DOI: 10.1007/11818175_9

Volume 4117 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Gentry C., MacKenzie P., Ramzan Z. (2006) A Method for Making Password-Based Key Exchange Resilient to Server Compromise. In: Dwork C. (eds) Advances in Cryptology - CRYPTO 2006. CRYPTO 2006. Lecture Notes in Computer Science, vol 4117. Springer, Berlin, Heidelberg

Abstract

This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack.

While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Craig Gentry, Stanford University, Palo Alto, USA
  • Philip MacKenzie, Google, Inc., Mountain View, USA
  • Zulfikar Ramzan, Symantec, Inc., Redwood City, USA