Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol
نویسندگان
چکیده
We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there are still rooms for improvements both in computational and communicational aspects. In this paper we suggest an efficient C2C-PAKE (EC2C-PAKE) protocol, and prove that EC2CPAKE protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.
منابع مشابه
fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol
Client-to-client password authenticated key exchange (C2C-PAKE) protocol enables two clients who only share their passwords with their own servers to establish a shared key for their secure communications. Recently, Byun et al. and Yin-Li respectively proposed first provably secure C2C-PAKE protocols. However, both protocols are found to be vulnerable to undetectable online dictionary attacks a...
متن کاملCryptanalysis of a Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
Recently, Chien et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol, through which a client and a gateway could generate a session key for future communication with the help of an authentication server. They also demonstrated that their scheme is provably secure in a formal model. However, in this letter, we will show that Chien et al.’s protocol is vul...
متن کاملA New Security Model for Cross-Realm C2C-PAKE Protocol
Cross realm client-to-client password authenticated key exchange (C2C-PAKE) schemes are designed to enable two clients in different realms to agree on a common session key using different passwords. In 2006, Yin-Bao presented the first provably secure cross-realm C2C-PAKE, which security is proven rigorously within a formally defined security model and based on the hardness of some computationa...
متن کاملProvably Secure Password-Authenticated Key Exchange Using Diffie-Hellman
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. ...
متن کاملProvably Secure Password-authenticated Key Exchange Using Diie-hellman
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow veriication of the password (a weak shared key), since an attacker who obtains this information may be able to run an oo-line dictionary attack to determine the correct password. We...
متن کامل