Simpler session-key generation from short random passwords

Journal of Cryptology

Volumn 21, Issue 1, 2008, Pages 52-96

  Nguyen, Minh Huyen ^a   Vadhan, Salil ^a  

^a HARVARD UNIVERSITY   (United States)

Author keywords

Authentication; Cryptographic protocols; Human memorizable passwords; Key exchange; Secure two party computation

Indexed keywords

CRYPTOGRAPHIC PROTOCOLS; HUMAN MEMORIZABLE PASSWORDS; KEY EXCHANGE; SECURE TWO PARTY COMPUTATION;

AUTHENTICATION; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC DOCUMENT EXCHANGE; NETWORK SECURITY;

PUBLIC KEY CRYPTOGRAPHY;

EID: 38849201191     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-007-9008-4     Document Type: Article

References (28)

1. B. Barak, Constant-Round Coin-Tossing with a Man in the Middle or Realizing the Shared Random String Model, in IEEE Symposium on Foundations of Computer Science (2002), pp. 345-355
2. M. Bellare, D. Pointcheval, P. Rogaway, Authenticated Key Exchange Secure against Dictionary Attacks, in Advances in Cryptology-Eurocrypt 2000 Proceedings. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 139-155
3. M. Bellare, P. Rogaway, Entity Authentication and Key Distribution, in Advances in Cryptology-Crypto 93 Proceedings. Lecture Notes in Computer Science, vol. 773 (Springer, Berlin, 1994), pp. 232-249
4. S. Bellovin, M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, in ACM/IEEE Symposium on Research in Security and Privacy (1992), pp. 72-84
5. S. Bellovin, M. Merritt, Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise, in ACM Conference on Computer and Communications Security (1993), pp. 244-250
6. M. Boyarsky, Public-Key Cryptography and Password Protocols: The Multi-User Case, in ACM Conference on Computer and Communications Security (1999), pp. 63-72
7. V. Boyko, P. MacKenzie, S. Patel, Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, in Advances in Cryptology-Eurocrypt 2000 Proceedings. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 156-171
8. R. Canetti, Universally Composable Security: A New Paradigm for Cryptographic Protocols, in IEEE Symposium on Foundations of Computer Science (2001), pp. 136-145
9. B. Chor, O. Goldreich, Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, SIAM J. Comput. 17(2), 230-261 (1988)
10. W. Diffie, M. Hellman, New Directions in Cryptography, IEEE Trans. Inf. Theory 22(6), 644-654 (1976)
11. Y. Dodis, R. Oliveira, On Extracting Private Randomness over a Public Channel. Approximation, Randomization, and Combinatorial Optimization, in Proc. of APPROX 2003 and RANDOM 2003. Lecture Notes in Computer Science, vol. 2764 (Springer, Berlin, 2003), pp. 252-263
12. Y. Dodis, A. Elbaz, R. Raz, R. Oliveira, Improved Randomness Extraction from Two Independent Sources. Approximation, Randomization, and Combinatorial Optimization, in Proc. of APPROX 2004 and RANDOM 2004. Lecture Notes in Computer Science, vol. 3122 (Springer, Berlin, 2004)
13. R. Gennaro, Y. Lindell, A Framework for Password-Based Authenticated Key Exchange, in Advances in Cryptology-Eurocrypt 2003 Proceedings. Lecture Notes in Computer Science, vol. 2656 (Springer, Berlin, 2003), pp. 524-543
14. O. Goldreich, Foundations of Cryptography, vol. 2 (Cambridge University Press, Cambridge, 2004)
15. O. Goldreich, Y. Lindell, Session-Key Generation Using Human Passwords Only, in Advances in Cryptology-Crypto 2001 Proceedings. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 408-432. Full version to appear in Journal of Cryptology
16. S. Goldwasser, S. Micali, Probabilistic Encryption, J. Comput. Syst. Sci. 28(2), 270-299 (1984)
17. S. Halevi, H. Krawczyk, Public-Key Cryptography and Password Protocols, in ACM Conference on Computer and Communications Security (1998), pp. 122-131
18. J. Katz, R. Ostrovsky, M. Yung, Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords, in Advances in Cryptology-Eurocrypt 2001 Proceedings. Lecture Notes in Computer Science, vol. 2045 (Springer, Berlin, 2001), pp. 475-494
19. P. MacKenzie, S. Patel, R. Swaminathan, Password Authenticated Key Exchange Based on RSA, in ASIACRYPT (2000), pp. 599-613
20. S. Micali, C. Rackoff, B. Sloan, The Notion of Security for Probabilistic Cryptosystems, SIAM J. Comput. 17, 412-426 (1988)
21. M. Naor, B. Pinkas, Oblivious Transfer and Polynomial Evaluation, in ACM Symposium on Theory of Computing (1999), pp. 245-254
22. M.-H. Nguyen, S. Vadhan, Simpler Session-Key Generation from Short Random Passwords, in Proceedings of the First Theory of Cryptography Conference (TCC '04). Lecture Notes in Computer Science, vol. 2951 (Springer, Berlin, 2004), pp. 428-445
23. N. Nisan, D. Zuckerman, Randomness is Linear in Space, J. Comput. Syst. Sci. 52(1), 43-52 (1996)
24. R. Richardson, J. Kilian, On the Concurrent Composition of Zero-Knowledge Proofs, in Advances in Cryptology-Eurocrypt 99 Proceedings. Lecture Notes in Computer Science, vol. 1592 (Springer, Berlin, 1999), pp. 415-431
25. V. Shoup, On Formal Models for Secure Key Exchange, Cryptology ePrint Archive Report 1999/012 (1999)
26. A. Srinivasan, D. Zuckerman, Computing with Very Weak Random Sources, SIAM J. Comput. 28(4), 1453-1459 (1999)
27. M. Steiner, G. Tsudik, M. Waidner, Refinement and Extension of Encrypted Key Exchange, Oper. Syst. Rev. 29(3), 22-30 (1995)
28. A. Yao, How to Generate and Exchange Secrets, in IEEE Symposium on Foundations of Computer Science (1986), pp. 162-167