Efficient password-based authenticated key exchange without public information

Jun Shao; Zhenfu Cao; Licheng Wang; Rongxing Lu

doi:10.1007/978-3-540-74835-9_20

Efficient password-based authenticated key exchange without public information

Jun Shao, Zhenfu Cao, Licheng Wang, Rongxing Lu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Since the first password-based authenticated key exchange (PAKE) was proposed, it has enjoyed a considerable amount of interest from the cryptographic research community. To our best knowledge, most of proposed PAKEs based on Diffie-Hellman key exchange need some public information, such as generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, which demands clients authenticate those public information before beginning PAKE. It is cumbersome for users. What's worse, it may bring some secure problems with PAKE, such as substitution attack. To remove these problems, in this paper, we present an efficient password-based authenticated key exchange protocol without any public information. We also provide a formal security analysis in the non-concurrent setting, including basic security, mutual authentication, and forward secrecy, by using the random oracle model.

Original language	English
Title of host publication	Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings
Publisher	Springer Verlag
Pages	299-310
Number of pages	12
ISBN (Print)	9783540748342
DOIs	https://doi.org/10.1007/978-3-540-74835-9_20
State	Published - 2007
Externally published	Yes
Event	12th European Symposium on Research in Computer Security, ESORICS 2007 - Dresden, Germany Duration: 24 Sep 2007 → 26 Sep 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4734 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th European Symposium on Research in Computer Security, ESORICS 2007
Country/Territory	Germany
City	Dresden
Period	24/09/07 → 26/09/07

Access to Document

10.1007/978-3-540-74835-9_20

Cite this

Shao, J., Cao, Z., Wang, L., & Lu, R. (2007). Efficient password-based authenticated key exchange without public information. In Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings (pp. 299-310). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4734 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-74835-9_20

Shao, Jun ; Cao, Zhenfu ; Wang, Licheng et al. / Efficient password-based authenticated key exchange without public information. Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2007. pp. 299-310 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a78e6eb66dba4419bf5c492af391bbe6,

title = "Efficient password-based authenticated key exchange without public information",

abstract = "Since the first password-based authenticated key exchange (PAKE) was proposed, it has enjoyed a considerable amount of interest from the cryptographic research community. To our best knowledge, most of proposed PAKEs based on Diffie-Hellman key exchange need some public information, such as generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, which demands clients authenticate those public information before beginning PAKE. It is cumbersome for users. What's worse, it may bring some secure problems with PAKE, such as substitution attack. To remove these problems, in this paper, we present an efficient password-based authenticated key exchange protocol without any public information. We also provide a formal security analysis in the non-concurrent setting, including basic security, mutual authentication, and forward secrecy, by using the random oracle model.",

author = "Jun Shao and Zhenfu Cao and Licheng Wang and Rongxing Lu",

year = "2007",

doi = "10.1007/978-3-540-74835-9\_20",

language = "英语",

isbn = "9783540748342",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "299--310",

booktitle = "Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings",

address = "德国",

note = "12th European Symposium on Research in Computer Security, ESORICS 2007 ; Conference date: 24-09-2007 Through 26-09-2007",

}

Shao, J, Cao, Z, Wang, L & Lu, R 2007, Efficient password-based authenticated key exchange without public information. in Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4734 LNCS, Springer Verlag, pp. 299-310, 12th European Symposium on Research in Computer Security, ESORICS 2007, Dresden, Germany, 24/09/07. https://doi.org/10.1007/978-3-540-74835-9_20

Efficient password-based authenticated key exchange without public information. / Shao, Jun; Cao, Zhenfu; Wang, Licheng et al.
Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2007. p. 299-310 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4734 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Efficient password-based authenticated key exchange without public information

AU - Shao, Jun

AU - Cao, Zhenfu

AU - Wang, Licheng

AU - Lu, Rongxing

PY - 2007

Y1 - 2007

N2 - Since the first password-based authenticated key exchange (PAKE) was proposed, it has enjoyed a considerable amount of interest from the cryptographic research community. To our best knowledge, most of proposed PAKEs based on Diffie-Hellman key exchange need some public information, such as generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, which demands clients authenticate those public information before beginning PAKE. It is cumbersome for users. What's worse, it may bring some secure problems with PAKE, such as substitution attack. To remove these problems, in this paper, we present an efficient password-based authenticated key exchange protocol without any public information. We also provide a formal security analysis in the non-concurrent setting, including basic security, mutual authentication, and forward secrecy, by using the random oracle model.

AB - Since the first password-based authenticated key exchange (PAKE) was proposed, it has enjoyed a considerable amount of interest from the cryptographic research community. To our best knowledge, most of proposed PAKEs based on Diffie-Hellman key exchange need some public information, such as generators of a finite cyclic group. However, in a client-server environment, not all servers use the same public information, which demands clients authenticate those public information before beginning PAKE. It is cumbersome for users. What's worse, it may bring some secure problems with PAKE, such as substitution attack. To remove these problems, in this paper, we present an efficient password-based authenticated key exchange protocol without any public information. We also provide a formal security analysis in the non-concurrent setting, including basic security, mutual authentication, and forward secrecy, by using the random oracle model.

UR - https://www.scopus.com/pages/publications/38049059426

U2 - 10.1007/978-3-540-74835-9_20

DO - 10.1007/978-3-540-74835-9_20

M3 - 会议稿件

AN - SCOPUS:38049059426

SN - 9783540748342

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 299

EP - 310

BT - Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings

PB - Springer Verlag

T2 - 12th European Symposium on Research in Computer Security, ESORICS 2007

Y2 - 24 September 2007 through 26 September 2007

ER -

Shao J, Cao Z, Wang L, Lu R. Efficient password-based authenticated key exchange without public information. In Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2007. p. 299-310. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-74835-9_20

Efficient password-based authenticated key exchange without public information

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this