International Information Security Conference

ISC 2015: Information Security pp 244-261 | Cite as

On the Provable Security of the Dragonfly Protocol

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9290)


Dragonfly is a password-authenticated key exchange protocol that was proposed by Harkins [11] in 2008. It is currently a candidate for standardization by the Internet Engineering Task Force, and would greatly benefit from a security proof. In this paper, we prove the security of a very close variant of Dragonfly in the random oracle model. It shows in particular that Dragonfly’s main flows - a kind of Diffie-Hellman variation with a password-derived base - are sound. We employ the standard Bellare et al. [2] security model, which incorporates forward secrecy.



We thank the anonymous reviewers for their helpful comments. This work was partially supported by project SEQUOIA, a joint project between the Fonds National de la Recherche, Luxembourg and the Agence Nationale de la Recherche (France).


  1. 1.
    Abdalla, M., Benhamouda, F., MacKenzie, P.: Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy, pp. 6–11 (2015)Google Scholar
  2. 2.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994) Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press (1993)Google Scholar
  5. 5.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, 4–6 May 1992, pp. 72–84 (1992)Google Scholar
  6. 6.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  7. 7.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  8. 8.
    Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  9. 9.
    Clarke, D., Hao, F.: Cryptanalysis of the Dragonfly Key Exchange Protocol. Cryptology ePrint Archive, Report 2013/058 (2013).
  10. 10.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–652 (1976)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Harkins, D.: Simultaneous authentication of equals: a secure, password-based key exchange for mesh networks. In: Second International Conference on Sensor Technologies and Applications, 2008, SENSORCOMM 2008, pp. 839–844, August 2008Google Scholar
  12. 12.
    Harkins, D.: Dragonfly Key Exchange (2015).
  13. 13.
    Jablon, D.P.: Strong password-only authenticated key exchange. ACM SIGCOMM Comput. Commun. Rev. 26(5), 5–26 (1996)CrossRefGoogle Scholar
  14. 14.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  15. 15.
    Kwon, T.: Practical authenticated key agreement using passwords. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 1–12. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  16. 16.
    MacKenzie, P.: On the Security of the SPEKE Password-Authenticated Key Exchange Protocol. Cryptology ePrint Archive, Report 2001/057 (2001).
  17. 17.
    MacKenzie, P.: The PAK Suite: Protocols for Password-Authenticated Key Exchange. DIMACS Technical report 2002–46, p. 7 (2002)Google Scholar
  18. 18.
    Pointcheval, D.: Password-based authenticated key exchange. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 390–397. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  19. 19.
    Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Interdisciplinary Centre for Security, Reliability and Trust (SnT)University of LuxembourgLuxembourg CityLuxembourg

Personalised recommendations