Journal of mathematical cryptology | |
Persistent asymmetric password-based key exchange | |
article | |
Shaoquan Jiang1  | |
[1] School of Computer Science and Engineering, University of Electronic Science and Technology of China;Institute of Information Security, Mianyang Normal University | |
关键词: Cryptographic protocol; password-based key exchange; provable security; projective hash function; dictionary attack; | |
DOI : 10.1515/jmc-2012-0010 | |
学科分类:社会科学、人文和艺术(综合) | |
来源: De Gruyter | |
【 摘 要 】
Abstract. Asymmetric password based key exchange is a key exchange protocol where a client and a server share a low entropic password while the server additionally owns a high entropic secret with respect to a public key. There are simple solutions for this, e.g., [ACM Trans. Inf. Syst. Secur. 2 (1999), 230–268] and its improvement in [Proceedings of CCS 1999, ACM (1999), 63–72]. In the present paper, we consider a new threat to this type of protocol: if a server's high entropic secret gets compromised (e.g., due to cryptanalysis or a poor management), the adversary might quickly break lots of passwords and cause uncountable damage. In this case, one should not expect the protocol to be secure against an off-line dictionary attack since, otherwise, the protocol is in fact a secure password-only key exchange by making the server high entropic secret public. Of course a password-only key exchange does not suffer from this threat as the server does not have a high entropic secret at all. However, known password-only key exchange protocols are not very efficient (note: we only consider protocols without random oracles). This motivates us to study an efficient and secure asymmetric password key exchange that avoids the new threat. In this paper, we first provide a formal model for the new threat, where essentially we require that the active adversary can break ℓ$\ell $ passwords in αℓ|?|$\alpha \ell |\mathcal {D}|$ steps (for α0$\beta >0$, where ?$\mathcal {D}$ is a password dictionary. Then, we construct a framework of asymmetric password based key exchange. We prove that our protocol is secure in the regular model where server high entropic key is never compromised and that it prevents the new threat. To do this, we introduce a new technique by abstracting a probabilistic experiment from the main proof and providing a neat analysis of it.
【 授权许可】
CC BY|CC BY-NC-ND
【 预 览 】
Files | Size | Format | View |
---|---|---|---|
RO202107200005292ZK.pdf | 408KB | download |