ID-Based Group Password-Authenticated Key Exchange

Abstract: Abstract-Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an "honest but curious" server, intend to establish a common secret key (i.e., a group key) with the help of the server. In this setting, the key established is known to the clients only and no one else, including the… Show more

“…As already mentioned, Yi et al's protocol [3] is based on identity-based cryptography where an arbitrary identity serves as a public key. In this section, we revisit the relevant terminology and definitions from [3].…”

“…In this section, we revisit the relevant terminology and definitions from [3]. No originality is claimed for this section.…”

“…This section reviews Yi et al's password-authenticated GKE protocol PGKE [3]. There are three kinds of entities Building Blocks.…”

Yi et al.'s Group Key Exchange Protocol : A Security Vulnerability and its Remediation

“…As already mentioned, Yi et al's protocol [3] is based on identity-based cryptography where an arbitrary identity serves as a public key. In this section, we revisit the relevant terminology and definitions from [3].…”

“…In this section, we revisit the relevant terminology and definitions from [3]. No originality is claimed for this section.…”

“…This section reviews Yi et al's password-authenticated GKE protocol PGKE [3]. There are three kinds of entities Building Blocks.…”

Yi et al.'s Group Key Exchange Protocol : A Security Vulnerability and its Remediation

“…However, the server is a machine which can keep secret keys from a large space. Based on this feature, identity-based group and three-party PAKE protocols, in which a group of clients, each of them shares his password with an "honest but curious" server, establish a group key with the help of SECRYPT2012-InternationalConferenceonSecurityandCryptography the server, have been proposed in (Yi et al, 2009;Yi et al, 2011). In that setting, the key established is known to the clients only and no one else, including the server.…”

“…In this paper, we consider a two-party setting, where a client and a server, who share a password, establish a cryptography key on the basis of identitybased encryption. The essential difference between this setting and the group or three-party PAKE (Yi et al, 2009;Yi et al, 2011) is that the established key in this setting is known to the server. We propose an identity-based model for this setting, where the client needs to remember a password only while the server keeps the password in addition to a private key related to its identity.…”

Identity-based Password-Authenticated Key Exchange for Client/Server Model

ID-Based Two-Server Password-Authenticated Key Exchange