Universally Composable Password-Based Key Exchange

  • Ran Canetti
  • Shai Halevi
  • Jonathan Katz
  • Yehuda Lindell
  • Phil MacKenzie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)

Abstract

We propose and realize a definition of security for password-based key exchange within the framework of universally composable (UC) security, thus providing security guarantees under arbitrary composition with other protocols. In addition, our definition captures some aspects of the problem that were not adequately addressed by most prior notions. For instance, it does not assume any underlying probability distribution on passwords, nor does it assume independence between passwords chosen by different parties. We also formulate a definition of password-based secure channels, and show that such a definition is achievable given password-based key exchange.

Our protocol realizing the new definition of password-based key exchange is in the common reference string model and relies on standard number-theoretic assumptions. The components of our protocol can be instantiated to give a relatively efficient solution which is conceivably usable in practice. We also show that it is impossible to satisfy our definition in the “plain” model (e.g., without a common reference string).

References

  1. 1.
    Barak, B., Lindell, Y., Rabin, T.: Protocol Initialization for the Framework of Universal Composability. Manuscript. Available from the ePrint archive, report 2004/006 (2004), from http://eprint.iacr.org
  2. 2.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  5. 5.
    Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proc. IEEE Security and Privacy, pp. 72–84. IEEE, Los Alamitos (1992)Google Scholar
  6. 6.
    Boyko, V.: On All-or-Nothing Transforms and Password-Authenticated Key Exchange. PhD thesis, MIT, EECS department (2000)Google Scholar
  7. 7.
    Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password Authentication and Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE, Los Alamitos (2001)Google Scholar
  9. 9.
    Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universal Composable Two-Party Computation Without Set-Up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  13. 13.
    Cramer, R., Shoup, V.: Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust Non-Interactive Zero-Knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. SIAM J. Computing 30(2), 391–437 (2000)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Even, S., Goldreich, O., Micali, S.: On-Line/Off-Line Digital Signatures. J. Cryptology 9(1), 35–67 (1996)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Garay, J., MacKenzie, P., Yang, K.: Strengthening Zero-Knowledge Protocols Using Signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Gennaro, R., Lindell, Y.: A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Goldreich, O., Lindell, Y.: Session-Key Generation using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28, 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Gong, L., Lomas, M., Needham, R., Saltzer, J.: Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)CrossRefGoogle Scholar
  22. 22.
    Halevi, S., Krawczyk, H.: Public-Key Cryptography and Password Protocols. ACM Trans. on Information and Systems Security 2(3), 230–268 (1999)CrossRefGoogle Scholar
  23. 23.
    Katz, J., MacKenzie, P., Taban, G., Gligor, V.: Two-Server Password-Only Authenticated Key Exchange (January 2005) (Manuscript)Google Scholar
  24. 24.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    MacKenzie, P., Yang, K.: On Simulation-Sound Trapdoor Commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004), Available from the ePrint archive, report 2003/252, http://eprint.iacr.org CrossRefGoogle Scholar
  26. 26.
    Nguyen, M.H., Vadhan, S.: Simpler Session-Key Generation from Short Random Passwords. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 442–445. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  27. 27.
    Rackoff, C., Simon, D.: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1991)Google Scholar
  28. 28.
    Sahai, A.: Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. In: 40th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 543–553. IEEE, Los Alamitos (1999)Google Scholar
  29. 29.
    Shoup, V.: A Proposal for an ISO Standard for Public Key Encryption (version 2.1) (December 2001). Available from the ePrint archive, report 2001/112, from http://eprint.iacr.org

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ran Canetti
    • 1
  • Shai Halevi
    • 1
  • Jonathan Katz
    • 2
  • Yehuda Lindell
    • 3
  • Phil MacKenzie
    • 4
  1. 1.IBM T.J. Watson Research CenterHawthorneUSA
  2. 2.Dept. of Computer ScienceUniversity of MarylandUSA
  3. 3.Department of Computer ScienceBar-Ilan UniversityIsrael
  4. 4.Bell LabsLucent TechnologiesMurray HillUSA

Personalised recommendations