Universally composable anonymous password authenticated key exchange

  • Xuexian Hu
  • Jiang Zhang
  • Zhenfeng Zhang
  • Jing Xu
Research Paper


Anonymous password authenticated key exchange (APAKE) is an important cryptographic primitive through which a client holding a password can establish a session key with a server both authentically and anonymously. The server is guaranteed that the client in communication is from a pre-determined group, but the client’s actual identity is protected. Because of their convenience, APAKE protocols have been widely studied and applied in privacy protection research. However, all existing APAKE protocols are analyzed in stand-alone models and do not adequately settle the problem of protocol composition, which is a practical issue for protocol implementation. In this paper, we overcome this issue by formulating and realizing an ideal functionality for APAKE within the well-known universal composability (UC) framework, which guarantees security under protocol composition operations. Our formulation captures the essential security requirements of APAKE, such as off-line dictionary attack resistance, client anonymity and explicit mutual authentication. Moreover, it addresses arbitrary probability distributions of passwords. Our protocol construction, which utilizes SPHF-friendly commitments and CCA2-secure encryption schemes, can be instantiated and proven secure in the standard model, i.e., without random oracle heuristics.


Keywords: anonymous password authentication, key exchange, universal composability, provable security, standard model




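The anonymous password authenticated key exchange (APAKE) protocol is an important kind of security protocol. It allows a user to use a low-entropy password to generate a high-entropy session key with a server in an authenticated manner, without revealing the user's specific identity information. Because APAKE protocols combine the convenience of password protocols with identity anonymity, they have received wide attention from researchers in privacy-protection-related fields. To address the lack of research on the composable security of APAKE protocols, we formally define APAKE security in the universal composability framework and construct a suitable APAKE ideal functionality that covers security goals such as composable security, user identity anonymity, resistance to off-line dictionary attacks, session key security and mutual authentication. In addition, we design an APAKE protocol using components such as CCA-secure public-key encryption, equivocable and extractable commitment schemes, and smooth projective hash functions, and prove in the standard model that the protocol satisfies composable security.


Keywords: anonymous password authentication, key exchange, universal composability, provable security, standard model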



Copyright information

© Science China Press and Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Xuexian Hu (1, 2, 3)
  • Jiang Zhang (4, 1)
  • Zhenfeng Zhang (1)
  • Jing Xu (1)

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China
  3. Science and Technology on Information Assurance Laboratory, Beijing, China
  4. State Key Laboratory of Cryptology, Beijing, China
