More Efficient Password-Authenticated Key Exchange

  • Philip MacKenzie
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)


In this paper we show various techniques for improving the efficiency of the PAK and PAK-X password-authenticated key exchange protocols while maintaining provable security. First we show how to decrease the client-side computation by half in the standard PAK protocol (i.e., PAK over a subgroup of $\mathbb{Z}_p^*$). Then we show a version of PAK that is provably secure against server compromise but is conceptually much simpler than the PAK-X protocol. Finally we show how to modify the PAK protocol for use over elliptic curve and XTR groups, thus allowing greater efficiency compared to running PAK over a subgroup of $\mathbb{Z}_p^*$.





Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Philip MacKenzie (Bell Laboratories, Lucent Technologies, USA)
