Abstract
In this paper we present a general framework for password-based authenticated key exchange protocols, in the common reference string model. Our protocol is actually an abstraction of the key exchange protocol of Katz et al. and is based on the recently introduced notion of smooth projective hashing by Cramer and Shoup. We gain a number of benefits from this abstraction. First, we obtain a modular protocol that can be described using just three high-level cryptographic tools. This allows a simple and intuitive understanding of its security. Second, our proof of security is significantly simpler and more modular. Third, we are able to derive analogues to the Katz et al. protocol under additional cryptographic assumptions. Specifically, in addition to the DDH assumption used by Katz et al., we obtain protocols under both the Quadratic and N-Residuosity assumptions. In order to achieve this, we construct new smooth projective hash functions.
A full version of this paper is available from the Cryptology ePrint Archive, http://eprint.iacr.org/2003/032/
References
M. Bellare, D. Pointcheval and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. In Eurocrypt 2000, Springer-Verlag (LNCS 1807), pages 139–155, 2000.
M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In 1st Conf. on Computer and Communications Security, ACM, pages 62–73, 1993.
M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. In CRYPTO’93, Springer-Verlag (LNCS 773), pages 232–249, 1994.
S. M. Bellovin and M. Merritt. Encrypted Key Exchange: Password based protocols secure against dictionary attacks. In Proceedings 1992 IEEE Symposium on Research in Security and Privacy, pages 72–84. IEEE Computer Society, 1992.
S. M. Bellovin and M. Merritt. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM Conference on Computer and Communication Security, pages 244–250, 1993.
V. Boyko, P. MacKenzie and S. Patel. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In Eurocrypt 2000, Springer-Verlag (LNCS 1807), pages 156–171, 2000.
R. Canetti, O. Goldreich, and S. Halevi. The Random Oracle Methodology, Revisited. In 30th STOC, pages 209–218, 1998.
R. Canetti and H. Krawczyk. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), pages 453–474, 2001.
R. Cramer and V. Shoup. A practical public-key cryptosystem secure against adaptive chosen ciphertexts attacks. In CRYPTO’98, Springer-Verlag (LNCS 1462), pages 13–25, 1998.
R. Cramer and V. Shoup. Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In Eurocrypt 2002, Springer-Verlag (LNCS 2332), pages 45–64, 2002.
G. Di Crescenzo, Y. Ishai, and R. Ostrovsky. Non-Interactive and Non-Malleable Commitment. In 30th STOC, pages 141–150, 1998.
G. Di Crescenzo, J. Katz, R. Ostrovsky and A. Smith. Efficient and Non-interactive Non-malleable Commitment. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), pages 40–59, 2001.
W. Diffie and M.E. Hellman. New Directions in Cryptography. IEEE Trans. on Inf. Theory, IT-22, pp. 644–654, Nov. 1976.
D. Dolev, C. Dwork and M. Naor. Non-malleable Cryptography. SIAM Journal of Computing, 30(2): 391–437.
C. Dwork. The non-malleability lectures. Course notes for CS 359, Stanford University, Spring 1999. Available at: http://theory.stanford.edu/~gdurf/cs359-s99.
O. Goldreich. Foundations of Cryptography — Basic Tools. Cambridge University Press. 2001.
O. Goldreich and Y. Lindell. Session Key Generation using Human Passwords Only. In CRYPTO 2001, Springer-Verlag (LNCS 2139), pages 408–432, 2001.
S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. In ACM Conference on Computer and Communications Security, 1998.
D.P. Jablon. Strong password-only authenticated key exchange. SIGCOMM Computer Communication Review, 26(5):5–26, 1996.
J. Katz. Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks. Ph.D. Thesis, Columbia University, 2002.
J. Katz, R. Ostrovsky and M. Yung. Practical Password-Authenticated Key Exchange Provably Secure under Standard Assumptions. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), pp. 475–494, 2001.
S. Lucks. Open key exchange: How to defeat dictionary attacks without encrypting public keys. In Proceedings of the Workshop on Security Protocols, Ecole Normale Superieure, 1997.
M. Naor and M. Yung. Universal One-Way Hash Functions and their Cryptographic Applications. In 21st STOC, pages 33–43, 1989.
P. Paillier. Public-Key Cryptosystems based on Composite Degree Residue Classes. In EUROCRYPT’99, Springer-Verlag (LNCS 1592), pages 223–228, 1999.
S. Patel. Number theoretic attacks on secure password schemes. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 236–247, 1997.
M. Steiner, G. Tsudik and M. Waidner. Refinement and extension of encrypted key exchange. ACM SIGOPS Oper. Syst. Rev., 29(3):22–30, 1995.
T. Wu. The secure remote password protocol. In 1998 Internet Society Symposium on Network and Distributed System Security, pp. 97–111, 1998.
Copyright information
© 2003 International Association for Cryptologic Research
About this paper
Cite this paper
Gennaro, R., Lindell, Y. (2003). A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_33
DOI: https://doi.org/10.1007/3-540-39200-9_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2
eBook Packages: Springer Book Archive