Password-Based Authenticated Key Exchange in the Three-Party Setting

  • Michel Abdalla
  • Pierre-Alain Fouque
  • David Pointcheval
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to on-line guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared between two users during its on-line attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only. In this paper, we consider password-based authenticated key exchange in the three-party scenario, in which the users trying to establish a secret do not share a password between themselves but only with a trusted server. Towards our goal, we recall some of the existing security notions for password-based authenticated key exchange protocols and introduce new ones that are more suitable to the case of generic constructions. We then present a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and prove its security without making use of the Random Oracle model. To the best of our knowledge, the new protocol is the first provably-secure password-based protocol in the three-party setting.


Password authenticated key exchange key distribution multi-party protocols 


  1. 1.
    Abdalla, M., Bellare, M., Rogaway, P.: The oracle diffie-hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 143. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. Full version of current paper. Available from authors’ web pagesGoogle Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS (October 1997)Google Scholar
  5. 5.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 139. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS 1993 (November 1993)Google Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Bellare, M., Rogaway, P.: Provably secure session key distribution – the three party case. In: 28th ACM STOC (May 1996)Google Scholar
  9. 9.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy (May 1992)Google Scholar
  10. 10.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 156. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Byun, J.W., Jeong, I.R., Lee, D.-H., Park, C.-S.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  14. 14.
    Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 408. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. In: ACM Transactions on Information and System Security, pp. 524–543. ACM, New York (1999)Google Scholar
  16. 16.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 475. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Krawczyk, H.: SIGMA: The ‘SIGn-and-mAc’ approach to authenticated diffie-hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: Attacks and a solution. ACM SIGOPS Operating Systems Review 34(4), 12–20 (2000)CrossRefGoogle Scholar
  19. 19.
    MacKenzie, P.D., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 599. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  20. 20.
    MacKenzie, P.D., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 385. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    MacKenzie, P.D.: The PAK suite: Protocols for password-authenticated key exchange. Contributions to IEEE P1363.2 (2002)Google Scholar
  22. 22.
    Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(21), 993–999 (1978)MATHCrossRefGoogle Scholar
  23. 23.
    Raimondo, M.D., Gennaro, R.: Provably secure threshold password-authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  24. 24.
    Shoup, V.: On formal models for secure key exchange. Technical Report RZ 3120, IBM (1999)Google Scholar
  25. 25.
    Steiner, J.G., Neuman, B.C., Schiller, J.L.: Kerberos: An authentication service for open networks. In: Proceedings of the USENIX Winter Conference, pp. 191–202 (1988)Google Scholar
  26. 26.
    Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review 29(3), 22–30 (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Michel Abdalla
    • 1
  • Pierre-Alain Fouque
    • 1
  • David Pointcheval
    • 1
  1. 1.Departement d’InformatiqueÉcole normale supérieureParis Cedex 05France

Personalised recommendations