Secure Cross-Realm C2C-PAKE Protocol

  • Yin Yin
  • Li Bao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4058)


Client-to-client password authenticated key exchange (C2C-PAKE) protocol deals with the authenticated key exchange process between two clients, who only share their passwords with their own servers. Jin Wook Byun et al. first divided this scenario into two kinds called single-server C2C-PAKE protocol and cross-realm C2C-PAKE protocol respectively. Recently, Abdalla et al. proposed a generic construction for single-server C2C-PAKE protocol and presented a concrete example with security proof. But, no similar results about cross-realm C2C-PAKE protocol exist. In fact, all existing cross-realm C2C-PAKE protocols are found insecure. To counter flaws and provide a secure cross-realm C2C-PAKE protocol, in this paper, we introduce a formal model and corresponding security definitions. Then, a new cross-realm C2C-PAKE protocol is presented with security proof.


Trust Third Party Dictionary Attack Oracle Query Security Notion Semantic Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P.: The autha protocol for password-based authenticated key exchange. In: Contribution to the IEEE P1363 study group (2000)Google Scholar
  5. 5.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: STOC 1995, pp. 57–66. ACM Press, New York (1995)CrossRefGoogle Scholar
  8. 8.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: CCS 2003, pp. 241–250. ACM Press, New York (2003)CrossRefGoogle Scholar
  10. 10.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Byun, J.W., Jeong, I.R., Lee, D.-H., Park, C.-S.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Kim, J., Kim, S., Kwak, J., Won, D.H.: Cryptanalysis and improvement of password authenticated key exchange scheme between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 895–902. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    MacKenzie, P.D.: More efficient password-authenticated key exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    MacKenzie, P.D.: The pak suite: Protocols for password-authenticated key exchange. In: Submission to IEEE P1363.2 (2002)Google Scholar
  16. 16.
    Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Wang, S., Wang, J., Xu, M.: Weaknesses of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yin Yin
    • 1
  • Li Bao
    • 1
  1. 1.Graduate School of Chinese Academy of SciencesState Key Laboratory of Information SecurityBeijingChina

Personalised recommendations