Anonymous Password Authenticated Key Exchange Protocol in the Standard Model

Abstract

Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE-S) with proven security in the standard model, i.e., without the random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hardness assumptions (e.g., the decisional Diffie–Hellman, quadratic residuosity, and N-residuosity assumptions), our APAKE-S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model.

Acknowledgements

The work is supported by the National Natural Science Foundation of China (No. 61502527, 61602046, U1536205, 61379150), the National Basic Research Program of China (No. 2013CB338003 and 2012CB315905), and Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-14-004).

Author information

Corresponding author

Correspondence to Xuexian Hu.

About this article

Cite this article

Hu, X., Zhang, J., Zhang, Z. et al. Anonymous Password Authenticated Key Exchange Protocol in the Standard Model. Wireless Pers Commun 96, 1451–1474 (2017). https://doi.org/10.1007/s11277-017-4250-z

  • DOI: https://doi.org/10.1007/s11277-017-4250-z

Keywords

  • Password authentication
  • Anonymous authentication
  • Key exchange protocol
  • Standard model