A Simple Threshold Authenticated Key Exchange from Short Secrets

  • Michel Abdalla
  • Olivier Chevassut
  • Pierre-Alain Fouque
  • David Pointcheval
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3788)


This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. And to achieve these goals, the most appropriate choices seem to be to keep the client’s password private even from the back-end server and use threshold-based cryptography. In this paper, we present the Threshold Password-based Authenticated Key Exchange (GTPAKE) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does no require any certification except during the registration and update of clients’ passwords since clients do not use the public-key to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly-desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.


Threshold Protocols Password-based Authentication 


  1. 1.
    Abdalla, M., Chevassut, O., Fouque, P.-A., Pointcheval, D.: A simple threshold authenticated key exchange from short secrets. Full version of current paper. Available from authors’ web pagesGoogle Scholar
  2. 2.
    Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman assumptions with applications to password-based authentication. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: The AuthA protocol for password-based authenticated key exchange. In: Contributions to IEEE P1363 (March 2000)Google Scholar
  6. 6.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, Oakland, CA, May 1992, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  7. 7.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM CCS 2003 10th Conference on Computer and Communications Security, Washington D.C., USA, October 27–30, pp. 241–250. ACM Press, New York (2003)CrossRefGoogle Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
  10. 10.
    Di Raimondo, M., Gennaro, R.: Provably secure threshold password-authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 507–523. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Transactions on Information and System Security 2(3), 230–268 (1999)CrossRefGoogle Scholar
  12. 12.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    MacKenzie, P.D.: The PAK suite: Protocols for password-authenticated key exchange. In: Contributions to IEEE P1363.2 (2002)Google Scholar
  14. 14.
    MacKenzie, P.D., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 385–400. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)zbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Michel Abdalla
    • 1
  • Olivier Chevassut
    • 2
  • Pierre-Alain Fouque
    • 1
  • David Pointcheval
    • 1
  1. 1.Departement d’InformatiqueÉcole normale supérieureParisFrance
  2. 2.Lawrence Berkeley National LaboratoryBerkeleyUSA

Personalised recommendations