Session-key generation using human passwords only

Journal of Cryptology

Volumn 19, Issue 3, 2006, Pages 241-340

  Goldreich, Oded ^a   Lindell, Yehuda ^b  

^a WEIZMANN INSTITUTE OF SCIENCE   (Israel)

^b BAR ILAN UNIVERSITY   (Israel)

Author keywords

[No Author keywords available]

Indexed keywords

COMBINATORIAL MATHEMATICS; NETWORK PROTOCOLS; POLYNOMIALS; QUERY LANGUAGES;

LEGITIMATE PARTIES; PERMUTATIONS; PROBABILISTIC POLYNOMIAL-TIME ADVERSARIES; SESSION-KEY GENERATION;

CRYPTOGRAPHY;

EID: 33745184723     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-006-0233-z     Document Type: Article

References (54)

1. B. Barak. Constant-Round Coin-Tossing with a Man in the Middle or Realizing the Shared Random String Model. In Proceedings of the 43rd IEEE Symposium on the Foundations of Computer Science, pages 345-355, 2002.
2. D. Beaver. Secure Multi-Party Protocols and Zero-Knowledge Proof Systems Tolerating a Fault Minority. Journal of Cryptology, 4(2):75-122, 1991.
3. M. Bellare, R. Canetti and H. Krawczyk. Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In Proceedings of the 30th ACM Symposium on the Theory of Computing, pages 419-428, 1998.
4. M. Bellare, D. Pointcheval and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. In EUROCRYPT '00, pages 139-155. Springer-Verlag (LNCS 1807), Berlin, 2000.
5. M. Bellare and P. Rogaway. Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security, pages 62-73, 1993.
6. M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. In CRYPTO '93, pages 232-249. Springer-Verlag (LNCS 773), Berlin, 1994.
7. M. Bellare and P. Rogaway. Provably Secure Session Key Distribution: The Three Party Case. In Proceedings of the 21th ACM Symposium on the Theory of Computing, pages 57-66, 1995.
8. M. Bellare and M. Yung. Certifying Permutations: Non-Interactive Zero-Knowledge Based on Any Trapdoor Permutation. Journal of Cryptology, 9(3):149-166, 1996.
9. S.M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In Proceedings of the ACM/IEEE Symposium on Research in Security and Privacy, pages 72-84, 1992.
10. S.M. Bellovin and M. Merritt. Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise. In Proceedings of the 1st ACM Conference on Computer and Communication Security, pages 244-250, 1993.
11. M. Blum. Coin Flipping by Phone. Proceedings of the IEEE Spring COMPCOM, pages 133-137, February 1982.
12. M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information. In CRYPTO '84, pages 289-302. Springer-Verlag (LNCS 196), Berlin, 1985.
13. M. Blum and S. Micali. How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits. SIAM Journal of Computation, 13(4):850-864, 1984.
14. M. Boyarsky. Public-Key Cryptography and Password Protocols: The Multi-User Case. In Proceedings of the 6th ACM Conference on Computer and Communication Security, pages 63-72, 1999.
15. V. Boyko, P. MacKenzie and S. Patel. Provably Secure Password- Authenticated Key Exchange Using Diffie-Hellman. In EUROCRYPT '00, pages 156-171. Springer-Verlag (LNCS 1807), Berlin, 2000.
16. R. Canetti. Security and Composition of Multi-Party Cryptographic Protocols. Journal of Cryptology, 13(1):143-202, 2000.
17. R. Canetti. Universally Composable Security: A New Paradigm for Cryptographic Protocols. In Proceedings of the 42nd IEEE Symposium on the Foundations of Computer Science, pages 136-145, 2001.
18. R. Canetti, O. Goldreich, and S. Halevi. The Random Oracle Methodology, Revisited. In Proceedings of the 30th ACM Symposium on the Theory of Computing, pages 209-218, 1998.
19. R. Canetti and H. Krawczyk. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In EUROCRYPT '01, pages 453-474. Springer-Verlag (LNCS 2045), Berlin, 2001.
20. W. Diffie and M.E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22:644-654, 1976.
21. W. Diffie, P.C. Van Oorschot and M.J. Wiener. Authentication and Authenticated Key Exchanges. Designs Codes and Cryptography, 2(2):107-125, 1992.
22. D. Dolev, C. Dwork, and M. Naor. Non-Malleable Cryptography. SIAM Journal on Computing, 30(2):391-437, 2000.
23. U. Feige and A. Shamir. Witness Indistinguishability and Witness Hiding Protocols. In Proceedings of the 22nd ACM Symposium on the Theory of Computing, pages 416-426, 1990.
24. Y. Gertner, S. Kannan, T. Malkin, O. Reingold and M. Viswanathan. The Relationship between Public-Key Encryption and Oblivious Transfer. In Proceedings of the 41st IEEE Symposium on the Foundations of Computer Science, pages 325-335, 2000.
25. O. Goldreich. Foundation of Cryptography: Volume 1 - Basic Tools. Cambridge University Press, Cambridge, 2001.
26. O. Goldreich. Foundations of Cryptography: Volume 2 - Basic Applications. Cambridge University Press, Cambridge, 2004.
27. O. Goldreich, S. Goldwasser, and S. Micali. How to Construct Random Functions. Journal of the ACM, 33(4):792-807, 1986.
28. O. Goldreich and A. Kahan. How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. Journal of Cryptology, 9(3):167-190, 1996.
29. O. Goldreich, L.A. Levin and N. Nisan. On Constructing 1-1 One-Way Functions. Electronic Colloquium on Computational Complexity, TR95-029, 1995.
30. O. Goldreich, S. Micali and A. Wigderson. How to Play Any Mental Game - A Completeness Theorem for Protocols with Honest Majority. In Proceedings of the 19th ACM Symposium on the Theory of Computing, pages 218-229, 1987. For details see Chapter 7 of [26].
31. O. Goldreich, S. Micali and A. Wigderson. Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems. Journal of the ACM, 38(1):691-729, 1991.
32. S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Sciences, 28(2):270-299, 1984.
33. S. Goldwasser, S. Micali and C. Rackoff. The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Computing, 18(1):186-208, 1989.
34. S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. In Proceedings of the 5th ACM Conference on Computer and Communications Security, pages 122-131, 1998.
35. R. Impagliazzo and S. Rudich. Limits on the Provable Consequences of One-Way Permutations. In Proceedings of the 21st ACM Symposium on the Theory of Computing, pages 44-61, 1989.
36. D.P. Jablon. Strong Password-Only Authenticated Key Exchange. SIGCOMM Computer Communications Review, 26(5):5-26, 1996.
37. J. Katz, R. Ostrovsky and M. Yung. Practical Password-Authenticated Key Exchange Provably Secure under Standard Assumptions. In EUROCRYPT '01, pages 475-494. Springer-Verlag (LNCS 2045), Berlin, 2001.
38. C. Kaufman, R. Perlman and M. Speciner. Network Security. Prentice-Hall, Englewood Cliffs, NJ, 1997.
39. J. Kilian. Basing Cryptography on Oblivious Transfer. In Proceedings of the 20th ACM Symposium on the Theory of Computing, pages 20-31, 1988.
40. Y. Lindell. Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation. In CRYPTO '01, pages 171-189. Springer-Verlag (LNCS 2139), Berlin, 2001.
41. S. Lucks. Open Key Exchange: How to Defeat Dictionary Attacks without Encrypting Public Keys. In Security Protocols, 5th International Workshop, pages 79-90. Springer-Verlag (LNCS 1361), Berlin, 1998.
42. A. Menezes, P. Van Oorschot and S. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL, 1997.
43. S. Micali and P. Rogaway. Secure Computation. Unpublished manuscript, 1992. Preliminary version in CRYPTO '91, pages 392-404, Springer-Verlag (LNCS 576), Berlin, 1991.
44. M. Naor, R. Ostrovsky, R. Venkatesan and M. Yung. Zero-Knowledge Arguments for NP Can Be Based on General Assumptions. Journal of Cryptology, 11(2):87-108, 1998.
45. M. Naor and B. Pinkas. Oblivious Transfer and Polynomial Evaluation. In Proceedings of the 31st ACM Symposium on the Theory of Computing, pages 245-254, 1999.
46. R.M. Needham and M.D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993-999, 1978.
47. S. Patel. Number Theoretic Attacks on Secure Password Schemes. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 236-247, 1997.
48. R. Richardson and J. Kilian. On the Concurrent Composition of Zero-Knowledge Proofs. In EUROCRYPT '99, pages 415-431. Springer-Verlag (LNCS 1592), Berlin, 1999.
49. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978.
50. V. Shoup. On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012, http://eprint.iacr.org/.
51. M. Steiner, G. Tsudik and M. Waidner. Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review, 29(3):22-30, 1995.
52. T. Wu. The Secure Remote Password Protocol. In Proceedings of the 1998 Internet Society Symposium on Network and Distributed System Security, pages 97-111, 1998.
53. A.C. Yao. Theory and Application of Trapdoor Functions. In Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, pages 80-91, 1982.
54. A.C. Yao. How to Generate and Exchange Secrets. In Proceedings of the 21th IEEE Symposium on the Foundations of Computer Science, pages 162-167, 1986.