More Efficient Password Authenticated Key Exchange Based on RSA

  • Duncan S. Wong
  • Agnes H. Chan
  • Feng Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2904)


In [17], Zhu et al. proposed an RSA-based password authenticated key exchange scheme which supports short RSA public exponents. The scheme is the most efficient among all RSA-based schemes currently proposed when implemented on low-power asymmetric wireless networks. We observe that its performance can be further improved, and propose two modifications. The first modification shortens the message sent from the server to the client. The second modification dramatically reduces the size of the message sent from the client to the server and can therefore be used to significantly reduce the power consumption of the client for wireless communications. We also generalize our modified schemes and formalize the security requirements of all the underlying primitives of which the generic scheme is constituted. A new primitive called password-keyed permutation family is introduced. We show that the security of our password-keyed permutation family is computationally equivalent to the RSA Problem in the random oracle model.


Keywords: Password Authentication, Key Exchange, Secure Wireless Communications




References

  1. Bao, F.: Security analysis of a password authenticated key exchange protocol. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 208–217. Springer, Heidelberg (2003) (to appear)
  2. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: First ACM Conference on Computer and Communications Security, Fairfax, pp. 62–73. ACM, New York (1993)
  3. Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password based protocols secure against dictionary attacks. In: Proceedings 1992 IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE Computer Society, Los Alamitos (1992)
  4. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
  5. Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes, and Cryptography 2(2), 107–125 (1992)
  6. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003), also in Cryptology ePrint Archive: Report 2003/032
  7. Gong, L., Lomas, M.A., Needham, R.M., Saltzer, J.H.: Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)
  8. IEEE. P1363.2 / D10: Standard Specifications for Password-based Public Key Cryptographic Techniques (July 2003)
  9. Jablon, D.P.: Strong password-only authenticated key exchange. ACM Computer Communication Review 26(5), 5–26 (1996)
  10. Jablon, D.P.: Extended password key exchange protocols immune to dictionary attack. In: Proceedings of the WETICE 1997 Workshop on Enterprise Security, Cambridge, MA, USA (June 1997)
  11. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 475. Springer, Heidelberg (2001)
  12. Lucks, S.: Open key exchange: How to defeat dictionary attacks without encrypting public keys. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 79–90. Springer, Heidelberg (1998)
  13. MacKenzie, P., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 599–613. Springer, Heidelberg (2000)
  14. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
  15. Wong, D.S., Fuentes, H.H., Chan, A.H.: The performance measurement of cryptographic primitives on palm devices. In: Proc. of the 17th Annual Computer Security Applications Conference (December 2001)
  16. Wu, T.: The secure remote password protocol. In: 1998 Internet Society Symposium on Network and Distributed System Security, pp. 97–111 (1998)
  17. Zhu, F., Wong, D.S., Chan, A.H., Ye, R.: Password authenticated key exchange based on RSA for imbalanced wireless networks. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 150–161. Springer, Heidelberg (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Duncan S. Wong (1)
  • Agnes H. Chan (2)
  • Feng Zhu (2)
  1. Department of Computer Science, City University of Hong Kong, Hong Kong, China
  2. College of Computer Science, Northeastern University, Boston, U.S.A.
