Robust Authenticated Key Exchange Using Passwords and Identity-Based Signatures

  • Jung Yeon Hwang
  • Seung-Hyun Kim
  • Daeseon Choi
  • Seung-Hun Jin
  • Boyeon Song
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)


In this paper we propose new authenticated key exchange (AKE) protocols that combine an identity-based signature (IBS) with password-based authentication. The proposed protocols let a client authenticate conveniently using only a human-memorable password and the server's identity. The use of an IBS strengthens security against the threats that follow password leakage: the server is authenticated by an IBS, which is independent of the password shared with the client, so even if the password is revealed on a poorly protected client, server impersonation is still prevented. In addition, our protocols are resilient to server compromise because the server stores 'password verification data' rather than the password itself: an adversary cannot directly use data revealed by a server compromise to impersonate a client without an additional off-line dictionary attack. We emphasize that most existing password-based AKE protocols are vulnerable to subsequent attacks once a password has leaked.

Our first hybrid AKE protocol is constructed with concrete parameters over discrete-logarithm-based groups and is designed to resist server compromise. Our second protocol is a simplified version of the first in which the client's computation cost is low. Generalizing the basic protocols, we present a modular method for converting Diffie-Hellman key exchange into an AKE protocol based on a password and an IBS. Finally, we give a performance analysis of our protocols and a comparison between known hybrid AKE protocols and ours; as shown later in the paper, our protocols perform better. Our experimental results show that the proposed protocols run in at most 20 ms. They can be widely applied in information security applications.
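The design the abstract describes, as an added runnable illustration that is not the paper's own protocol or code: the server authenticates with a Schnorr-style identity-based signature over the exchange transcript, the client authenticates through a password-derived scalar w whose verifier V = w*G (the 'password verification data') is all the server stores, and the session key binds the Diffie-Hellman share and the password share together. The group (secp256k1 with standard parameters), the IBS scheme, the three-message flow, the key-derivation details and every name in the code (server.example, evil.example, alice, the sample passwords and salt) are this example's assumptions; the paper's concrete protocols and parameters are not shown on this page, and this construction carries no security proof.

```python
"""Toy hybrid AKE (illustrative): IBS-authenticated server, verifier-based password client."""
import hashlib, hmac, secrets

# secp256k1 domain parameters (standard); assumed here as the prime-order group.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keypair():
    """Fresh random scalar k in [1, N) and the point k*G."""
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k)

def enc(v):  # fixed-width point encoding for hashing; byte strings pass through
    return v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big") if isinstance(v, tuple) else v
def h(*parts):  # length-prefixed SHA-256 of the parts, reduced to a scalar mod N
    m = hashlib.sha256()
    for part in parts:
        m.update(len(enc(part)).to_bytes(4, "big") + enc(part))
    return int.from_bytes(m.digest(), "big") % N

# Schnorr-style IBS (this example's choice, not the paper's scheme): the PKG derives
# the server's key from its name, so a client verifies with only mpk and server_id.
def ibs_setup():
    return keypair()                               # (master secret msk, master public mpk)

def ibs_extract(msk, ident):
    r, R = keypair()
    return R, (r + msk * h(b"H1", R, ident)) % N   # user key (R, s): s*G == R + H1*mpk

def ibs_sign(key, ident, msg):
    (R, s), (a, A) = key, keypair()
    return R, A, (a + s * h(b"H2", ident, A, msg)) % N

def ibs_verify(mpk, ident, msg, sig):
    R, A, b = sig
    pk = ec_add(R, ec_mul(h(b"H1", R, ident), mpk))
    return ec_mul(b) == ec_add(A, ec_mul(h(b"H2", ident, A, msg), pk))

# Password side: the client derives scalar w; the server stores only V = w*G.
def password_scalar(password, salt):
    w = hashlib.pbkdf2_hmac("sha256", password, salt, 20_000)  # low count for the demo
    return int.from_bytes(w, "big") % N or 1

def register(password, salt):
    return ec_mul(password_scalar(password, salt))  # verification data kept by the server

def transcript(client_id, server_id, X, Y):
    return client_id + b"|" + server_id + b"|" + enc(X) + enc(Y)
def kdf(tr, k_dh, k_pw):
    return hashlib.sha256(b"sk|" + tr + enc(k_dh) + enc(k_pw)).digest()

def client_start():
    return keypair()                               # message 1: (client_id, X = x*G)

def server_respond(client_id, server_id, X, server_ibs_key):
    y, Y = keypair()                               # message 2: Y plus IBS over transcript
    return y, Y, ibs_sign(server_ibs_key, server_id, transcript(client_id, server_id, X, Y))

def client_finish(client_id, server_id, password, salt, x, X, Y, sig, mpk):
    tr = transcript(client_id, server_id, X, Y)
    if not ibs_verify(mpk, server_id, tr, sig):    # server auth rests on the IBS key only
        return None
    w = password_scalar(password, salt)
    sk = kdf(tr, ec_mul(x, Y), ec_mul(w, Y))       # message 3: key-confirmation tag
    return sk, hmac.new(sk, b"client-confirm", "sha256").digest()

def server_finish(client_id, server_id, X, y, Y, V, proof):
    tr = transcript(client_id, server_id, X, Y)
    sk = kdf(tr, ec_mul(y, X), ec_mul(y, V))       # y*V == w*Y, so w is never needed here
    tag = hmac.new(sk, b"client-confirm", "sha256").digest()
    return sk if hmac.compare_digest(proof, tag) else None

def dictionary_attack(V, salt, guesses):
    """Stolen V alone does not log the attacker in; w must first be recovered offline."""
    return next((pw for pw in guesses if ec_mul(password_scalar(pw, salt)) == V), None)
```

An attacker who has copied V from a compromised server still cannot finish a client run, because server_finish expects a tag computed from w*Y and V does not yield w; dictionary_attack is the off-line work it would have to do first, and a slow password-to-scalar derivation is what makes that work expensive. Conversely, an attacker who knows the password but holds an IBS key for a different identity cannot make client_finish accept, because the client checks the signature against server_id and the master public key rather than against anything password-derived.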


Keywords: Authentication; Password; Identity-based signature; Key exchange

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jung Yeon Hwang (1)
  • Seung-Hyun Kim (1)
  • Daeseon Choi (2)
  • Seung-Hun Jin (1)
  • Boyeon Song (3)
  1. Electronics and Telecommunications Research Institute (ETRI), Daejeon, Korea
  2. Department of Medical Information, Kongju University, Nonsan-si, Korea
  3. Korea Institute of Science and Technology Information (KISTI), Daejeon, Korea
