Abstract
Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties based solely on a shared password, without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, several PAKE protocols are available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are, however, patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all past solutions have avoided using ZKP out of concern for efficiency. We demonstrate how to integrate the ZKP effectively into the protocol design while still achieving good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes, with clear advantages in security.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Hao, F., Ryan, P. (2010). J-PAKE: Authenticated Key Exchange without PKI. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_10
DOI: https://doi.org/10.1007/978-3-642-17697-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17696-8
Online ISBN: 978-3-642-17697-5
eBook Packages: Computer Science, Computer Science (R0)