Abstract
Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.
Similar content being viewed by others
References
Bellare M, Pointcheva D, Rogaway P. Authenticated Key Exchange Secure Against Dictionary Attacks[C]//Proceeding of EUROCRYPT 2000 (LNCS 1807). Berlin: Springer-Verlag, 2000: 139–155.
Byun J W, Jeong I R, Lee D H, et al. Password-Authenticated Key Exchange between Clients with Different Passwords [C]//Proceeding of ICICS 2002 (LNCS 2513). Berlin: Springer-Verlag, 2002: 134–146.
Chen L. A Weakness of the Password-Authenticated Key Agreement between Clients with Different Passwords Scheme [R]. Paris: ISO/IEC JTC 1/SC27 N3716, 2003.
Kim J, Kim S, Kwak J, et al. Cryptoanalysis and Improvements of Password Authenticated Key Exchange Scheme Between Clients with Different Passwords[C] //Proceeding of ICCSA 2004 (LNCS 3044). Berlin: Springer-Verlag, 2004: 895–890.
Yoon E J, Yoo K Y. A Secure Password-Authenticated Key Exchange between Clients with Different Passwords[C] //Proceeding of APWeb 2006 (LNCS 3841). Berlin: Springer-Verlag, 2006: 659–663.
Byun J W, Lee D H, Lim J. Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol[C] //Proceeding of APWeb 2006 (LNCS 3841). Berlin: Springer-Verlag, 2006: 830–836.
Yin Y, Li B. Secure Cross-Realm C2C-PAKE Protocol[C] //Proceeding of ACISP 2006 (LNCS 4058). Berlin: Springer-Verlag, 2006: 395–406.
Phan R C W, Goi B M. Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols[C]//Proceeding of INDOCRYPT 2006(LNCS 4329). Berlin: Springer-Verlag, 2006: 104–117.
Kazuki Y, Haruki O. Secure Cross-Realm Client-to-Client Password-Based Authenticated Key Exchange Against Undetectable On-Line Dictionary Attacks[C]//Proceeding of AAECC 2007(LNCS 4851). Berlin: Springer-Verlag, 2007: 257–266.
Xu J, Zhang Z F, Feng D G. Analysis and Improvement of Client-to-Client Password-Authenticated Key Exchange Protocols[ R]. Beijing: State Key Laboratory of Information Security, 2007: 119–124.
Abdalla M, Pointcheval D. Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication [C]//Proceeding of FC 2005(LNCS 3570). Berlin: Springer-Verlag, 2005: 341–356.
Szydlo M. A Note on Chosen-Basis Decisional Diffie-Hellman Assumptions[C] //Proceeding of FC 2006(LNCS 4012). Berlin: Springer-Verlag, 2006: 289–292.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (2007AA01Z431)
Rights and permissions
About this article
Cite this article
Ding, X., Ma, C. & Cheng, Q. Analysis and improvement of cross-realm client-to-client password authenticated key exchange protocols. Wuhan Univ. J. Nat. Sci. 13, 572–576 (2008). https://doi.org/10.1007/s11859-008-0512-7
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11859-008-0512-7