Leakage-Resilient Authenticated Key Establishment Protocols

  • SeongHan Shin
  • Kazukuni Kobara
  • Hideki Imai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)


Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or user) and a server, to share common session keys in an authenticated way. In this paper, we review AKE protocols from a slightly different point of view: the relationship between the information a client needs to possess (for authentication) and the immunity to leakage of stored secrets from the client side and from the server side, respectively. Since leakage of stored secrets is far more plausible than a break of the underlying cryptosystems, it is desirable to strengthen immunity to such leakage. First, we categorize AKE protocols according to how much resilience against leakage they provide. Then, we propose new AKE protocols that are immune to the leakage of stored secrets from a client and from a server (or servers), respectively. Finally, we extend our protocols so that the secret values registered in the server(s), or the password remembered by the client, can be updated.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • SeongHan Shin (1)
  • Kazukuni Kobara (1)
  • Hideki Imai (1)
  1. Institute of Industrial Science, The University of Tokyo, Tokyo, Japan
