A Simple Threshold Authenticated Key Exchange from Short Secrets
This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. And to achieve these goals, the most appropriate choices seem to be to keep the client’s password private even from the back-end server and use threshold-based cryptography. In this paper, we present the Threshold Password-based Authenticated Key Exchange (GTPAKE) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does no require any certification except during the registration and update of clients’ passwords since clients do not use the public-key to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly-desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.
KeywordsThreshold Protocols Password-based Authentication
- 1.Abdalla, M., Chevassut, O., Fouque, P.-A., Pointcheval, D.: A simple threshold authenticated key exchange from short secrets. Full version of current paper. Available from authors’ web pagesGoogle Scholar
- 5.Bellare, M., Rogaway, P.: The AuthA protocol for password-based authenticated key exchange. In: Contributions to IEEE P1363 (March 2000)Google Scholar
- 9.Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
- 13.MacKenzie, P.D.: The PAK suite: Protocols for password-authenticated key exchange. In: Contributions to IEEE P1363.2 (2002)Google Scholar