Anonymous Password Authenticated Key Exchange Protocol in the Standard Model
Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE-S) with proven security in the standard model, i.e., without the random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hard assumptions (e.g., decisional Diffie–Hellman, Quadratic Residuosity, and N-residuosity assumptions), our APAKE-S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model.
Keywords: Password authentication; Anonymous authentication; Key exchange protocol; Standard model
The work is supported by the National Natural Science Foundation of China (No. 61502527, 61602046, U1536205, 61379150), the National Basic Research Program of China (No. 2013CB338003 and 2012CB315905), and Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-14-004).