Simpler Session-Key Generation from Short Random Passwords

  • Minh-Huyen Nguyen
  • Salil Vadhan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2951)


Goldreich and Lindell (CRYPTO ‘01) recently presented the first protocol for password-authenticated key exchange in the standard model (with no common reference string or set-up assumptions other than the shared password). However, their protocol uses several heavy tools and has a complicated analysis.

We present a simplification of the Goldreich–Lindell (GL) protocol and analysis for the special case when the dictionary is of the form \(\mathcal{D} = \{0,1\}^d\), i.e. the password is a short random string (like an ATM PIN number). Our protocol can be converted into one for arbitrary dictionaries using a common reference string of logarithmic length. The security bound achieved by our protocol is somewhat worse than the GL protocol. Roughly speaking, our protocol guarantees that the adversary can “break” the scheme with probability at most \(O({\rm poly}(n)/|\mathcal{D}|)^{\Omega(1)}\), whereas the GL protocol guarantees a bound of \(O(1/|\mathcal{D}|)\).

We also present an alternative, more natural definition of security than the “augmented definition” of Goldreich and Lindell, and prove that the two definitions are equivalent.


Random String Polynomial Evaluation Auxiliary Input Common Reference String Passive Adversary 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Barak, B.: Constant-Round Coin-Tossing With a Man in the Middle or Realizing the Shared Random String Model. In: IEEE Symposium on Foundations of Computer Science, pp. 345–355 (2002)Google Scholar
  2. 2.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: ACM/IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
  5. 5.
    Bellovin, S., Merritt, M.: Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250 (1993)Google Scholar
  6. 6.
    Boyarsky, M.: Public-Key Cryptography and Password Protocols: The Multi-User Case. In: ACM Conference on Computer and Communications Security, pp. 63–72 (1999)Google Scholar
  7. 7.
    Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)Google Scholar
  9. 9.
    Chor, B., Goldreich, O.: Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity. SIAM Journal on Computing 17(2), 230–261 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Gennaro, R., Lindell, Y.: A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O., Wigderson, A.: Tiny Families of Functions with Random Properties: A Quality-Size Trade-off for Hashing. Random Structures and Algorithms 11(4), 315–343 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Halevi, S., Krawczyk, H.: Public-Key Cryptography and Password Protocols. In: ACM Conference on Computer and Communications Security, pp. 122–131 (1998)Google Scholar
  16. 16.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Kobara, K., Imai, H.: Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions. IECIE Trans. E85-A(10), 2229–2237 (2002)Google Scholar
  18. 18.
    Micali, S., Rackoff, C., Sloan, B.: The Notion of Security for Probabilistic Cryptosystems. SIAM Journal on Computing 17, 412–426 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Naor, M., Pinkas, B.: Oblivious Transfer and Polynomial Evaluation. In: ACM Symposium on Theory of Computing, pp. 245–254 (1999)Google Scholar
  20. 20.
    Nisan, N., Zuckerman, D.: Randomness is Linear in Space. Journal of Computer and System Sciences 52(1), 43–52 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Richardson, R., Kilian, J.: On the Concurrent Composition of Zero-Knowledge Proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–431. Springer, Heidelberg (1999)Google Scholar
  22. 22.
    Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999)Google Scholar
  23. 23.
    Srinivasan, A., Zuckerman, D.: Computing with Very Weak Random Sources. In: IEEE Symposium on Foundations of Computer Science, pp. 264–275 (1994)Google Scholar
  24. 24.
    Steiner, M., Tsudik, G., Waidner, M.: Refinement and Extension of Encrypted Key Exchange. Operating Systems Review 29(3), 22–30 (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Minh-Huyen Nguyen
    • 1
  • Salil Vadhan
    • 1
  1. 1.Harvard UniversityCambridge

Personalised recommendations