Provably-Secure Two-Round Password-Authenticated Group Key Exchange in the Standard Model

  • Jeong Ok Kwon
  • Ik Rae Jeong
  • Dong Hoon Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4266)


Password-authenticated group key exchange (PAGKE) allows a group of users to share a session key using only a human-memorable password. The fundamental security goal of PAGKE is security against dictionary attacks. Several solutions have been proposed, but most of them require a number of rounds that grows linearly with the number of group users, so they are neither scalable nor practical. Recently, a provably-secure constant-round PAGKE protocol that overcomes this shortcoming was proposed at PKC ’06. However, current PAGKE protocols have been proven secure only in the ideal model, which assumes that some functions are “ideal” (random) functions. In the ideal cipher model a block cipher is assumed to be an ideal cipher, and in the ideal hash model (also called the random oracle model) a hash function is assumed to be an ideal hash function. It is well known, however, that a scheme provably secure in the ideal model may be insecure once the ideal functions are instantiated with real functions. In this paper we propose the first provably-secure PAGKE protocol in the standard model. Our protocol is a two-round protocol, and its security is reduced to the Decisional Diffie-Hellman (DDH) problem.
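The abstract's two security points, resistance to dictionary attacks and the gap between an "ideal cipher" proof and a real cipher, can be seen together in the classic partition attack on encrypt-the-share designs (the weakness Bellovin and Merritt [5] had to design around, and the motivation for ciphers with arbitrary finite domains in Black and Rogaway [12]). The following Python is an added illustration, not the paper's protocol or code: the group exchange, the toy parameters (p = 1019, g = 2), the 16-bit Feistel cipher standing in for a real block cipher, and the word list are all constructed for the demonstration.

```python
"""Partition attack on an EKE-style group exchange whose 'ideal cipher'
is instantiated by a real block cipher over the wrong domain.

Constructed illustration, not the paper's protocol: every member encrypts
its Diffie-Hellman share g^x mod p under a password-derived key and
broadcasts it.  An ideal cipher on Z_p* maps a wrong password to just
another group element.  A real w-bit block cipher permutes [0, 2^w), so
under a wrong password a recorded ciphertext decrypts to a value outside
[1, p-1] with probability about 1 - p/2^w, and the eavesdropper discards
that password offline.  Enciphering on exactly Z_p* by cycle walking
(Black-Rogaway [12]) closes the leak."""
import hashlib
import secrets

# Constructed toy parameters.  p = 2q + 1 is a safe prime and g is a
# quadratic non-residue, hence a generator of all of Z_p*, so g^x is
# uniform on the domain the cipher is supposed to cover.
P, G = 1019, 2
if pow(G, (P - 1) // 2, P) != P - 1:
    raise ValueError("g must generate Z_p*")
BLOCK_BITS = 16                 # the "real" cipher permutes [0, 2^16)
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1
ROUNDS = 6


def derive_key(password: str) -> bytes:
    """Unsalted password-to-key step of the constructed protocol."""
    return hashlib.sha256(password.encode()).digest()


def _round_fn(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function of the toy Feistel cipher (illustration only)."""
    data = key + bytes([rnd]) + half.to_bytes(HALF_BITS // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[: HALF_BITS // 8], "big")


def feistel_encrypt(key: bytes, m: int) -> int:
    """Permutation on [0, 2^BLOCK_BITS): the real-cipher stand-in."""
    left, right = m >> HALF_BITS, m & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << HALF_BITS) | right


def feistel_decrypt(key: bytes, c: int) -> int:
    """Inverse of feistel_encrypt: undo the rounds in reverse order."""
    left, right = c >> HALF_BITS, c & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return (left << HALF_BITS) | right


def in_group(v: int) -> bool:
    return 1 <= v < P


def walk_encrypt(key: bytes, m: int) -> int:
    """Cycle walking: re-encrypt until the value is back in [1, p-1], which
    makes the cipher a permutation on exactly Z_p*."""
    c = feistel_encrypt(key, m)
    while not in_group(c):
        c = feistel_encrypt(key, c)
    return c


def walk_decrypt(key: bytes, c: int) -> int:
    """Walk back through the same cycle until a group element is reached."""
    m = feistel_decrypt(key, c)
    while not in_group(m):
        m = feistel_decrypt(key, m)
    return m


def broadcast_shares(password: str, members: int, encrypt) -> list:
    """One round: each member encrypts a fresh share g^x and broadcasts it."""
    key = derive_key(password)
    return [encrypt(key, pow(G, secrets.randbelow(P - 1), P)) for _ in range(members)]


def partition_attack(transcript: list, dictionary: list, decrypt) -> set:
    """Offline: keep only the passwords under which every recorded
    ciphertext decrypts to a group element."""
    return {pw for pw in dictionary
            if all(in_group(decrypt(derive_key(pw), c)) for c in transcript)}


if __name__ == "__main__":
    words = ["password", "letmein", "qwerty", "hunter2", "dragon", "correct-horse"]
    raw = broadcast_shares("hunter2", 8, feistel_encrypt)
    print("raw block cipher    ->", partition_attack(raw, words, feistel_decrypt))
    walked = broadcast_shares("hunter2", 8, walk_encrypt)
    print("cycle-walked cipher ->", partition_attack(walked, words, walk_decrypt))
```

Run stand-alone, the raw-cipher transcript leaves only the true password in the surviving set (with overwhelming probability, since each recorded ciphertext keeps a wrong password with probability only about p/2^16), while the cycle-walked cipher leaves the whole dictionary, as an ideal cipher on Z_p* would. The exact-domain cipher only helps if the encrypted share really is uniform on that domain: had g generated just a prime-order subgroup, a subgroup-membership test on each decryption would hand the attacker the same partition, which is why the toy checks that g generates all of Z_p*. A standard-model proof, which is what the abstract claims for the paper's protocol, removes the instantiation question instead of patching it one domain at a time.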


Keywords: Forward Secrecy, Dictionary Attack, PAKE Protocol, Corrupt Query, Ideal Cipher




  1. Abdalla, M., Bresson, E., Chevassut, O., Essiari, A., Möller, B., Pointcheval, D.: Provably Secure Password-Based Authentication in TLS. In: Proc. of ASIACCS 2006, pp. 35–45. ACM Press, New York (2006)
  2. Abdalla, M., Bresson, E., Chevassut, O., Pointcheval, D.: Password-Based Group Key Exchange in a Constant Number of Rounds. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 427–442. Springer, Heidelberg (2006)
  3. Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)
  4. Asokan, N., Ginzboorg, P.: Key Agreement in Ad-hoc Networks. Computer Communications 23(17), 1627–1637 (2000)
  5. Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks. In: Proc. of the IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)
  6. Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proc. of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)
  7. Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
  8. Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: Proc. of the 27th ACM Symposium on Theory of Computing (1995)
  9. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  10. Bellare, M., Boldyreva, A., Palacio, A.: An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 171–188. Springer, Heidelberg (2004)
  11. Becker, K., Wille, U.: Communication Complexity of Group Key Distribution. In: Proc. of the 5th ACM Conference on Computer and Communications Security, pp. 1–6 (1998)
  12. Black, J., Rogaway, P.: Ciphers with Arbitrary Finite Domains. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 114–130. Springer, Heidelberg (2002)
  13. Bluetooth SIG: Specification of the Bluetooth System (December 1999), available at:
  14. Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
  15. Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: Proc. of the 8th ACM Conference on Computer and Communications Security, pp. 255–264 (2001)
  16. Bresson, E., Chevassut, O., Pointcheval, D.: Group Diffie-Hellman Key Exchange Secure Against Dictionary Attacks. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 497–514. Springer, Heidelberg (2002)
  17. Bresson, E., Chevassut, O., Pointcheval, D.: Security Proofs for an Efficient Password-Based Key Exchange. In: Proc. of the 10th ACM Conference on Computer and Communications Security, pp. 241–250. ACM Press, New York (2003)
  18. Bresson, E., Chevassut, O., Pointcheval, D.: New Security Results on Encrypted Key Exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)
  19. Burmester, M., Desmedt, Y.: A Secure and Efficient Conference Key Distribution System. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)
  20. Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: Proc. of the 30th Annual ACM Symposium on Theory of Computing, pp. 209–218 (1998)
  21. Canetti, R., Goldreich, O., Halevi, S.: On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 40–57. Springer, Heidelberg (2004)
  22. Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 337. Springer, Heidelberg (2002). Full version available at:
  23. Denning, D., Sacco, G.M.: Timestamps in Key Distribution Protocols. Communications of the ACM 24(8), 533–536 (1981)
  24. Dutta, R., Barua, R.: Password-Based Encrypted Group Key Agreement. International Journal of Network Security 3(1), 30–41 (2006)
  25. Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)
  26. Goldwasser, S., Tauman, Y.: On the (In)security of the Fiat-Shamir Paradigm. In: Proc. of FOCS 2003, pp. 102–115. IEEE Computer Society, Los Alamitos (2003)
  27. Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)
  28. Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)
  29. Katz, J., Ostrovsky, R., Yung, M.: Forward Secrecy in Password-Only Key Exchange Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 29–44. Springer, Heidelberg (2003)
  30. Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)
  31. Kim, H.J., Lee, S.M., Lee, D.H.: Constant-Round Authenticated Group Key Exchange for Dynamic Groups. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 245–259. Springer, Heidelberg (2004)
  32. Kobara, K., Imai, H.: Pretty-Simple Password-Authenticated Key-Exchange under Standard Assumptions. IEICE Transactions E85-A(10), 2229–2237 (2002). Also available at:
  33. Kwon, J.O., Jeong, I.R., Lee, D.H.: Full version of this paper, available at:
  34. Lee, S.M., Hwang, J.Y., Lee, D.H.: Efficient Password-Based Group Key Exchange. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 191–199. Springer, Heidelberg (2004)
  35. MacKenzie, P.: More Efficient Password-Authenticated Key Exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001)
  36. Naor, M., Reingold, O.: Number-Theoretic Constructions of Efficient Pseudo-Random Functions. In: Proc. of the 38th IEEE Symposium on Foundations of Computer Science, pp. 458–467. IEEE Computer Society Press, Los Alamitos (1997)
  37. Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-Committing Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)
  38. Obraczka, K., Tsudik, G., Viswanath, K.: Pushing the Limits of Multicast in Ad Hoc Networks. In: Proc. of the International Conference on Distributed Computing Systems (2001)
  39. Perkins, C.E.: Ad Hoc Networking. Addison-Wesley (2001)
  40. Zhou, L., Haas, Z.J.: Securing Ad Hoc Networks. IEEE Network 13(6), 24–30 (1999)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jeong Ok Kwon (1)
  • Ik Rae Jeong (2)
  • Dong Hoon Lee (1)
  1. Graduate School of Information Security (CIST), Korea University, Seoul, Korea
  2. ETRI (Electronics and Telecommunications Research Institute), Daejeon, Korea
