Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy

  • Zhenchuan Chai
  • Zhenfu Cao
  • Rongxing Lu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4138)


With the flourish of applications over the wired /wireless networks, how to keep user’s privacy has drawn growing concerns in recent years. Although the issue of user anonymity has been addressed in digital signature field by introducing the concepts of ring and group signatures, they are not suitable to anonymously authenticate a user in wireless mobile applications, because these signature schemes need infrastructure support and heavy computational costs which is beyond the computational ability of a smart card embedded in a hand-held device. In this paper, we propose an anonymous authentication scheme which also supports Diffie-Hellman key exchange. Our scheme is very efficient since it mainly uses hash and XOR operations. Moreover, our scheme possesses many good virtues of existing authentication schemes.


Smart Card Authentication Scheme Mutual Authentication User Anonymity Login Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. J. Comput. System Sci. (2005)Google Scholar
  2. 2.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to Leak a Secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)Google Scholar
  4. 4.
    Viet, D.Q., Yamamura, A., Tanaka, H.: Anonymous Password-Based Authenticated Key Exchange. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 244–257. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Bo, Z., Wan, Z.G., Kankanhalli, M.S., Feng, B., Deng, R.H.: Anonymous secure routing in mobile ad-hoc networks, Local Computer Networks, 2004. In: 29th Annual IEEE International Conference, November 16-18, pp. 102–108 (2004)Google Scholar
  6. 6.
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous Identification in Ad Hoc Groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Chien, H.Y., Chen, C.H.: A remote authentication scheme preserving user anonymity. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications - AINA 2005, pp. 245–248 (2005)Google Scholar
  8. 8.
    Chien, H.Y., Jan, J., Tseng, Y.: An efficient and practical solution to remote authentication: smart card. Computer Security 21(4), 372–375 (2002)CrossRefGoogle Scholar
  9. 9.
    Hsu, C.L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Inerfaces 26(3), 167–169 (2004)CrossRefGoogle Scholar
  10. 10.
    Lu, R.X., Cao, Z.F., Su, R.W.: A self-encryption remote user anonymous authentication scheme using smart cards. Journal of Shanghai Jiaotong University (2006)Google Scholar
  11. 11.
    Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 46(1), 28–30 (2000)CrossRefGoogle Scholar
  12. 12.
    Lamport, L.: Password authentication with insecure communication. Communication of ACM 24(11), 770–772 (1981)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Yang, W.H., Shieh, S.P.: Password authentication schemes with smart card. Computer Security 18(8), 727–733 (1999)CrossRefGoogle Scholar
  14. 14.
    Wu, S.T., Chieu, B.C.: A user friendly remote authentication scheme with smart cards. Computers & Security 22(6), 547–550 (2003)CrossRefGoogle Scholar
  15. 15.
    Chen, C.M., Ku, W.C.: Stolen-verifier attack on two new strong-password authentication protocal. IEICE Transactions on Communications E85-B(11), 2519–2521 (2002)Google Scholar
  16. 16.
    Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Zhenchuan Chai
    • 1
  • Zhenfu Cao
    • 1
  • Rongxing Lu
    • 1
  1. 1.Department of Computer Science and EngineeringShanghai Jiaotong UniversityShanghaiP.R. China

Personalised recommendations