Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman

Boyko, Victor; MacKenzie, Philip D.; Patel, Sarvar

doi:10.1007/3-540-45539-6_12

Cited by 550 publications

(384 citation statements)

References 27 publications

Supporting

Mentioning

378

Contrasting

Unclassified

Order By: Relevance

“…More recently, two formal models for password-authenticated key exchange have been proposed: one by Bellare, Pointcheval, and Rogaway [3], based on [4,6] with extensions suggested by [21]; and a second by Boyko, MacKenzie, and Patel [10], following [2] with extensions given in [28]. While both models have their advantages, we choose to work in the first model and review the appropriate definitions in Section 2.…”

Section: Previous Workmentioning

confidence: 99%

“…Only recently have formal validations of security for specific protocols appeared [3,10,22]. However, these validations are not proofs in the standard model; [3] relies on ideal ciphers, while [10,22] rely on random oracles.…”

Section: Previous Workmentioning

confidence: 99%

“…The setting arising most often in practice -in which (human) users are only capable of storing "human-memorable" passwords (password-authenticated key exchange) -remains much less studied, though many heuristic protocols exist. Indeed, only recently have formal definitions of security for this setting appeared [3,10,22,17].…”

Section: Introductionmentioning

confidence: 99%

“…Many heuristic protocols have been proposed to solve this important problem. Only recently have formal validations of security (namely, proofs in the idealized random oracle and ideal cipher models) been given for specific constructions [3,10,22].Very recently, a construction based on general assumptions, secure in the standard model with human-memorable passwords, has been proposed by Goldreich and Lindell [17]. Their protocol requires no public parameters; unfortunately, it requires techniques from general multi-party computation which make it impractical.…”

mentioning

confidence: 99%

mentioning

confidence: 99%

See 4 more Smart Citations

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Katz

Ostrovsky²,

Yung

2001

Lecture Notes in Computer Science

316

248

View full text Add to dashboard Cite

Abstract. There has been much interest in password-authenticated keyexchange protocols which remain secure even when users choose passwords from a very small space of possible passwords (say, a dictionary of English words). Under this assumption, one must be careful to design protocols which cannot be broken using off-line dictionary attacks in which an adversary enumerates all possible passwords in an attempt to determine the correct one. Many heuristic protocols have been proposed to solve this important problem. Only recently have formal validations of security (namely, proofs in the idealized random oracle and ideal cipher models) been given for specific constructions [3,10,22].Very recently, a construction based on general assumptions, secure in the standard model with human-memorable passwords, has been proposed by Goldreich and Lindell [17]. Their protocol requires no public parameters; unfortunately, it requires techniques from general multi-party computation which make it impractical. Thus, [17] We show an efficient, 3-round, password-authenticated key exchange protocol with human-memorable passwords which is provably secure under the Decisional Diffie-Hellman assumption, yet requires only (roughly) 8 times more computation than "standard" Diffie-Hellman key exchange [14] (which provides no authentication at all). We assume public parameters available to all parties. We stress that we work in the standard model only, and do not require a "random oracle" assumption.

show abstract

Section: Previous Workmentioning

confidence: 99%

Section: Previous Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Katz

Ostrovsky²,

Yung

2001

Lecture Notes in Computer Science

316

248

View full text Add to dashboard Cite

show abstract

Password Authenticated Key Exchange

Jarecki¹

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Biological One‐Way Functions for Secure Key Generation

Dodda

Wali

Yang

et al. 2018

Advcd Theory and Sims

View full text Add to dashboard Cite

Disorder is fundamental to nature and natural phenomena, providing countless information sources, which are astronomically difficult to duplicate, but have yet to be exploited for cryptographic applications. While the contemporary crypto systems, relying on the premise of abstract mathematical one-way functions, are relatively difficult to decipher with reasonable and/or finite resources, the situation is bound to change with the advent of quantum computers, necessitating physically unclonable entropy sources. As such, inspiration is drawn from the disorder that is prevalent in nature and inherent to biological systems for designing disruptive mechanisms for cryptographic key generation. It is demonstrated that the spatiotemporal dynamics of an ensemble of living organisms such as T cells can be used for maximum entropy, high-density, and high-speed key generation. Further, such biology based one-way functions are oblivious to any mathematical representations and are computationally expensive to decipher even if an adversary has an exhaustive knowledge of the key generation mechanisms, which include cell type, cell density, key sampling rate, and sampling instance. The introduction of such biological one-way functions can greatly enhance the ability to protect information in the post quantum era.Digital information is experiencing an unprecedented and super-exponential growth across every sector of modern society including defense, automation, communication, computation, agriculture, healthcare, and infrastructure. Governments, military organizations, financial institutions, and corporations now withhold a large volume of confidential and classified information about their policies, employees, financial assets, customers, manufactured goods, and research and development data. Recent

show abstract

Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman

Cited by 550 publications

References 27 publications

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Password Authenticated Key Exchange

Biological One‐Way Functions for Secure Key Generation

Contact Info

Product

Resources

About