Abstract
This paper investigates the feasibility of designing password-authenticated key exchange protocols using quadratic residues. To date, most published protocols for password-authenticated key exchange have been based on the Diffie-Hellman key exchange. It appears inappropriate to design password-authenticated key exchange protocols using other public-key cryptographic techniques. In this paper, we show that protocols for password-authenticated key exchange can be constructed using quadratic residues, and we present the first protocol of this type. Under the factoring assumption and the random oracle model, we show that our protocol is provably secure against off-line dictionary attacks. We also discuss the use of a cache technique to improve the efficiency of our protocol.
Keywords
- Random Oracle
- Quadratic Residue
- Random Oracle Model
- Dictionary Attack
- Distribute System Security Symposium
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Zhang, M. (2004). Password Authenticated Key Exchange Using Quadratic Residues. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_17
DOI: https://doi.org/10.1007/978-3-540-24852-1_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1
eBook Packages: Springer Book Archive