Journal of Cryptology, Volume 19, Issue 3, pp 241–340

Session-Key Generation Using Human Passwords Only

  • Oded Goldreich
  • Yehuda Lindell


We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and there is no additional set-up assumption in the network. Our protocol is proven secure under the assumption that enhanced trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties) and may omit, insert, and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A?". We stress that the result holds also in the case where the passwords are selected at random from a small dictionary, so that it is feasible (for the adversary) to scan the entire dictionary. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional set-up assumptions.


Keywords (added automatically by the publisher, not by the authors): Message Authentication Code; Commitment Scheme; Oblivious Transfer; Polynomial Evaluation; Auxiliary Input



Copyright information

© International Association for Cryptologic Research 2006

Authors and Affiliations

  1. Department of Computer Science, Weizmann Institute of Science, Rehovot, Israel
  2. Department of Computer Science, Bar-Ilan University, Ramat Gan 52900, Israel
