Password Based Key Exchange Protocols on Elliptic Curves Which Conceal the Public Parameters

  • Julien Bringer
  • Hervé Chabanne
  • Thomas Icart
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6123)


We describe a new Password-based Authenticated Key Exchange (PAKE) protocol based on elliptic curve cryptography and prove it secure in the Bellare-Pointcheval-Rogaway (BPR) model. A significant novelty of our work is that the elliptic curve public parameters remain private. This matters for contactless ID devices because, in that setting, there will most probably exist a way to link these parameters to the nationality of the ID document owners.


Keywords: Password-based Authenticated Key Exchange, Elliptic Curves, Privacy



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Julien Bringer (1)
  • Hervé Chabanne (1, 2)
  • Thomas Icart (3)

  1. Sagem Sécurité
  2. Télécom ParisTech
  3. This work has been done while this author was affiliated with Sagem Sécurité and the University of Luxembourg
