Efficient Password-Authenticated Key Exchange Based on RSA
In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) + 1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with \(\gcd(e, \phi(n)) \neq 1\) is less than 2− 80. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP ,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.
KeywordsRandom Oracle Random Oracle Model Prime Number Theorem Dictionary Attack Perfect Forward Secrecy
Unable to display preview. Download preview PDF.
- 3.Bellovin, S., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proc. of the IEEE Symposium on Research in Security and Privacy, pp. 72–84 (May 1992)Google Scholar
- 6.Catalano, D., Pointcheval, D., Pornin, T.: IPAKE: Isomorphism for password-based authenticated key exchange. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 477–493. Springer, Heidelberg (2004)Google Scholar
- 11.Kwon, T.: Authentication and key agreement via memorable passwords. In: Proc. of Network and Distributed System Security Symposium (February 2001)Google Scholar
- 15.Patel, S.: Number theoretic attacks on secure password schemes. In: Proc. of IEEE Symposium on Security and Privacy (May 1997)Google Scholar
- 18.Wu, T.: The secure remote password protocol. In: Proc. of Network and Distributed System Security Symposium, Sandiego, pp. 97–111 (March 1998)Google Scholar
- 20.Zhang, M.: New approaches to password authenticated key exchange based on RSA. Cryptology ePrint Archive, Report 2004/033, http://eprint.iacr.org