nPAKE + : A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords

  • Zhiguo Wan
  • Robert H. Deng
  • Feng Bao
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4861)


Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a hierarchical group PAKE protocol nPAKE +  protocol under the setting where each party shares an independent password with a trusted server. The nPAKE +  protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(logn). Additionally, the hierarchical feature of nPAKE +  enables every subgroup obtains their own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Pointcheval, D., Scalable, A.: A Scalable Password-Based Group Key Exchange Protocol in the Standard Model. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 332–347. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Asokan, N., Ginzboorg, P.: Key Agreement in Ad-hoc Networks. Computer Communications 23(18), 1627–1637 (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: The AuthA Protocol for Password-Based Authenticated Key Exchange. In: Contribution to the IEEE P1363 study group (March 2000)Google Scholar
  4. 4.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password Based Protocols Secure against Dictionary Attacks. In: Proceedings 1992 IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  6. 6.
    Bellovin, S.M., Merritt, M.: Augmented EncryptedKey Exchange: A Password-based Protocol Secure against Dictionary attacks and Password File Compromise. In: Proceedings of CCS 1993, pp. 244–250 (1993)Google Scholar
  7. 7.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D.: Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, Springer, Heidelberg (2002)Google Scholar
  9. 9.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security Proofs for an Efficient Password-Based Key Exchange. In: Proceedings of the 10th ACM Conference on Computer and Communications Security 2003, pp. 241–250 (2003)Google Scholar
  10. 10.
    Burmester, M., Desmedt, Y., Secure, A.: Efficient Conference Key Distribution System (extended abstract). In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, Springer, Heidelberg (1995)Google Scholar
  11. 11.
    Byun, J.W., Lee, D.H.: N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 75–90. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Byun, J.W., Lee, S.-M., Lee, D.H., Hong, D.: Constant-Round Password-Based Group Key Generation for Multi-layer Ad-Hoc Networks. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 3–17. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.-S.: Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Dutta, R., Barua, R.: Password-Based Encrypted Group Key Agreement. International Journal of Network Security 3(1), 23–34 (2006)Google Scholar
  15. 15.
    Gennaro, R., Lindell, Y.: A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Jablon, D.: Strong Password-Only Authenticated Key Exchange. Computer Communication Review, ACM SIGCOMM 26(5), 5–26 (1996)CrossRefGoogle Scholar
  18. 18.
    Jablon, D.P.: Extended Password Key Exchange Protocols Immune to Dictionary Attacks. In: WETICE 1997, pp. 248–255. IEEE Computer Society, Los Alamitos (June 1997)Google Scholar
  19. 19.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Katz, J., Ostrovsky, R., Yung, M.: Forward Security in Password-Only Key Exchange Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Kim, Y., Perrig, A., Tsudik, G.: Simple and Fault-tolerant Key Agreement for Dynamic Collaborative Groups. In: Proceedings of CCS 2000 (2000)Google Scholar
  22. 22.
    Kim, Y., Perrig, A., Tsudik, G.: Communication-Efficient Group Key Agreement. In: Proceedings of IFIP SEC 2001 (2001)Google Scholar
  23. 23.
    Lee, S.-M., Hwang, J.Y., Lee, D.H.: Efficient Password-Based Group Key Exchange. In: Katsikas, S.K., Lopez, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 191–199. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  24. 24.
    Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party Encrypted Key Exchange: Attacks and A Solution. ACM Operating Systems Review 34(4), 12–20 (2000)CrossRefGoogle Scholar
  25. 25.
    Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party Encrypted Key Exchange Without Server Public-Keys. IEEE Communications Letters 5(12), 497–499 (2001)CrossRefGoogle Scholar
  26. 26.
    Lucks, S.: Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys. In: Security Protocols Workshop, pp. 79–90 (1997)Google Scholar
  27. 27.
    MacKenzie, P.: The PAK suite: Protocols for Password-Authenticated Key Exchange. Submission to IEEE P1363.2, (April 2002)Google Scholar
  28. 28.
    McGrew, D., Sherman, A.: Key Establishment in Large Dynamic Groups Using One-way Function Trees. Techinical Report 0755, Network Associates, Inc (1998)Google Scholar
  29. 29.
    Perrig, A., Song, D., Tygar, D.: ELK, A New Protocol for Efficient Large-Group Key Distribution. In: Proceedings of IEEE Syposium on Security and Privacy (2001)Google Scholar
  30. 30.
    Steer, D., Strawczynski, L., Diffie, W., Wiener, M.: A Secure Audio Teleconference System. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, Springer, Heidelberg (1990)Google Scholar
  31. 31.
    Steiner, M., Tsudik, G., Waidner, M.: Refinement and Extension of Encrypted Key Exchange. ACM SIGOPS Operating Systems Review 29(3), 22–30 (1995)CrossRefGoogle Scholar
  32. 32.
    Steiner, M., Tsudik, G., Waidner, M.: Diffie-Hellman Key Distribution Extended to Group Communication. In: Proceedings of CCS 1996 (March 1996)Google Scholar
  33. 33.
    Steiner, M., Tsudik, G., Waidner, M.: Cliques: A New Approach to Group Key Agreement. In: IEEE TPDS (August 2000)Google Scholar
  34. 34.
    Steiner, M., Tsudik, G., Waidner, M.: Key Agreement in Dynamic Peer Groups. In: IEEE Transactions on Parallel and Distributed Systems (August 2000)Google Scholar
  35. 35.
    Tang, Q., Chen, L.: Weaknesses in Two Group Diffie-Hellman Key Exchange Protocols. Cryptology ePrint Archive (2005)/197Google Scholar
  36. 36.
    Tang, Q., Choo, K.-K.: Secure Password-based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  37. 37.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key Management for Multicast: Issues and Architectures, Internet Request for Comments 2627, (June 1999)Google Scholar
  38. 38.
    Wong, C.K., Gouda, M., Lam, S.: Secure Group Communications Using Key Graphs. In: Proceedings of SIGCOMM 1998 (1998)Google Scholar
  39. 39.
    Wu, T.: The Secure Remote Password Protocol. In: 1998 Internet Society Symposium on Network and Distributed System Security, pp. 97–111 (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Zhiguo Wan
    • 1
  • Robert H. Deng
    • 2
  • Feng Bao
    • 3
  • Bart Preneel
    • 1
  1. 1.K.U.Leuven, ESAT/SCD, Kasteelpark Arenberg 10, LeuvenBelgium
  2. 2.School of Information Systems, Singapore Management UniversitySingapore
  3. 3.Institute for Infocomm Research, 21 Heng Mui Keng TerraceSingapore

Personalised recommendations