Abstract
In this paper we show various techniques for improving the efficiency of the PAK and PAK-X password-authenticated key exchange protocols while maintaining provable security. First we show how to decrease the client-side computation by half in the standard PAK protocol (i.e., PAK over a subgroup of $\mathbb{Z}_p^*$). Then we show a version of PAK that is provably secure against server compromise but is conceptually much simpler than the PAK-X protocol. Finally we show how to modify the PAK protocol for use over elliptic curve and XTR groups, thus allowing greater efficiency compared to running PAK over a subgroup of $\mathbb{Z}_p^*$.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
MacKenzie, P. (2001). More Efficient Password-Authenticated Key Exchange. In: Naccache, D. (eds) Topics in Cryptology — CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol 2020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45353-9_27
DOI: https://doi.org/10.1007/3-540-45353-9_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41898-6
Online ISBN: 978-3-540-45353-6
eBook Packages: Springer Book Archive