An Efficient Password-Only Two-Server Authenticated Key Exchange System

  • Haimin Jin
  • Duncan S. Wong
  • Yinlong Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4861)


One of the prominent advantages of password-only two-server authenticated key exchange is that the user password will remain secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient with a total of eight communication rounds in one protocol run. However, the security assumptions are strong. It assumes that one particular server cannot be compromised by an active adversary. It also assumes that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new one removes these assumptions, but in return pays a very high price on the communication overhead. It takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains is whether it is possible to build a protocol which can significantly reduce the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumption introduced. The protocol requires only six communication rounds without increasing the computational complexity.


Active Adversary Random Oracle Mutual Authentication Control Server Communication Round 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proc. 30th ACM Symp. on Theory of Computing, pp. 419–428. ACM, New York (1998)Google Scholar
  2. 2.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: First ACM Conference on Computer and Communications Security, Fairfax, pp. 62–73. ACM, New York (1993)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Provably secure session key distribution – the three party case. In: Proc. 27th ACM Symp. on Theory of Computing, Las Vegas, pp. 57–66. ACM, New York (1995)Google Scholar
  6. 6.
    Bird, R., Gopal, I., Herzberg, A., Janson, P., Kutten, S., Molva, R., Yung, M.: Systematic design of two-party authentication protocols. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 44–61. Springer, Heidelberg (1992)Google Scholar
  7. 7.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)CrossRefzbMATHGoogle Scholar
  8. 8.
    Brainard, J., Juels, A., Kaliski, B., Szydlo, M.: A new two-server approach for authentication with short secrets. In: USENIX Security Symposium, pp. 201–214 (2003)Google Scholar
  9. 9.
    Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005), CrossRefGoogle Scholar
  10. 10.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001), CrossRefGoogle Scholar
  11. 11.
    Dimitrov, V.S., Jullien, G., Miller, W.C.: Complexity and fast algorithms for multiexponentiations. IEEE Transactions on Computers 49(2), 141–147 (2000)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Ford, W., Kaliski, B.: Server-assisted generation of a strong secret from a password. In: WETICE 2000: IEEE 9th International Workshop on Enabling, pp. 176–180. IEEE, Los Alamitos (2000)Google Scholar
  13. 13.
    IEEE. P1363.2 / D26: Standard Specifications for Password-based Public Key Cryptographic Techniques, (September 2006)Google Scholar
  14. 14.
    Jablon, D.P.: Password authentication using multiple servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    MacKenzie, P., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. Journal of Cryptology 19(1), 22–66 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Raimondo, M.D., Gennaro, R.: Provably secure threshold password-authenticated key exchange. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 507–523. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Yang, Y., Deng, R.H., Bao, F.: Fortifying password authentication in integrated healthcare delivery systems. In: ASIACCS 2006: Proc. the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 255–265. ACM Press, New York (2006)CrossRefGoogle Scholar
  18. 18.
    Yang, Y., Deng, R.H., Bao, F.: A practical password-based two-server authentication and key exchange system. IEEE Trans. Dependable and Secure Computing 3(2), 105–114 (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Haimin Jin
    • 1
    • 2
  • Duncan S. Wong
    • 1
  • Yinlong Xu
    • 2
  1. 1.Department of Computer Science, City University of Hong Kong, Hong KongChina
  2. 2.Department of Computer Science, University of Science and Technology of ChinaChina

Personalised recommendations