Security of the J-PAKE password-authenticated key exchange protocol

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2015-July, Issue , 2015, Pages 571-587

  Abdalla, Michel ^a   Benhamouda, Fabrice ^a   MacKenzie, Philip ^b  

^a CNRS   (France)

^b GOOGLE INC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; INTERACTIVE COMPUTER SYSTEMS;

AUTHENTICATED KEY EXCHANGE; DIFFIE-HELLMAN ASSUMPTION; KNOWLEDGE PROTOCOLS; NON-INTERACTIVE ZERO KNOWLEDGE; OFFLINE PASSWORD GUESSING; PASSWORD AUTHENTICATED KEY EXCHANGE PROTOCOLS; SECURITY REDUCTION; SERVER COMPROMISE;

NETWORK PROTOCOLS;

EID: 84945181077     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2015.41     Document Type: Conference Paper

References (47)

1. M. Abdalla, F. Benhamouda, and D. Pointcheval, "Public-key encryption indistinguishable under plaintext-checkable attacks," in PKC 2015, ser. LNCS, J. Katz, Ed., vol. 9020. Springer, Mar./Apr. 2015, pp. 332-352.
2. M. Abdalla, P.-A. Fouque, and D. Pointcheval, "Password-based authenticated key exchange in the three-party setting," in PKC 2005, ser. LNCS, S. Vaudenay, Ed., vol. 3386. Springer, Jan. 2005, pp. 65-84.
3. M. Abdalla and D. Pointcheval, "Simple password-based encrypted key exchange protocols," in CT-RSA 2005, ser. LNCS, A. Menezes, Ed., vol. 3376. Springer, Feb. 2005, pp. 191-208.
4. F. Bao, R. H. Deng, and H. Zhu, "Variations of Diffie-Hellman problem," in ICICS 03, ser. LNCS, S. Qing, D. Gollmann, and J. Zhou, Eds., vol. 2836. Springer, Oct. 2003, pp. 301-312.
5. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in EUROCRYPT 2000, ser. LNCS, B. Preneel, Ed., vol. 1807. Springer, May 2000, pp. 139-155.
6. M. Bellare and P. Rogaway, "Random oracles are practical: A paradigm for designing efficient protocols," in ACM CCS 93, V. Ashby, Ed. ACM Press, Nov. 1993, pp. 62-73.
7. S. M. Bellovin and M. Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks," in 1992 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 1992, pp. 72-84.
8. -, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise," in ACM CCS 93, V. Ashby, Ed. ACM Press, Nov. 1993, pp. 244-250.
9. D. Boneh, "The decision Diffie-Hellman problem," in Algorithmic number theory. LNCS, 1998, pp. 48-63.
10. V. Boyko, P. D. MacKenzie, and S. Patel, "Provably secure password-authenticated key exchange using Diffie-Hellman," in EUROCRYPT 2000, ser. LNCS, B. Preneel, Ed., vol. 1807. Springer, May 2000, pp. 156-171.
11. E. Bresson, O. Chevassut, and D. Pointcheval, "New security results on encrypted key exchange," in PKC 2004, ser. LNCS, F. Bao, R. Deng, and J. Zhou, Eds., vol. 2947. Springer, Mar. 2004, pp. 145-158.
12. R. Canetti, S. Halevi, J. Katz, Y. Lindell, and P. D. MacKenzie, "Universally composable password-based key exchange," in EUROCRYPT 2005, ser. LNCS, R. Cramer, Ed., vol. 3494. Springer, May 2005, pp. 404-421.
13. C. Chevalier, P.-A. Fouque, D. Pointcheval, and S. Zimmer, "Optimal randomness extraction from a Diffie-Hellman element," in EUROCRYPT 2009, ser. LNCS, A. Joux, Ed., vol. 5479. Springer, Apr. 2009, pp. 572-589.
14. Y. Cliff, C. Boyd, and J. M. González Nieto, "How to extract and expand randomness: A summary and explanation of existing results," in ACNS 09, ser. LNCS, M. Abdalla, D. Pointcheval, P.-A. Fouque, and D. Vergnaud, Eds., vol. 5536. Springer, Jun. 2009, pp. 53-70.
15. J.-S. Coron, J. Patarin, and Y. Seurin, "The random oracle model and the ideal cipher model are equivalent," in CRYPTO 2008, ser. LNCS, D. Wagner, Ed., vol. 5157. Springer, Aug. 2008, pp. 1-20.
16. "Firefox Sync." [Online]. Available: https://www.mozilla.org/en-US/firefox/sync/
17. J. A. Garay, P. D. MacKenzie, and K. Yang, "Strengthening zero-knowledge protocols using signatures," Journal of Cryptology, vol. 19, no. 2, pp. 169-209, Apr. 2006.
18. R. Gennaro and Y. Lindell, "A framework for password-based authenticated key exchange," ACM Transactions on Information and System Security, vol. 9, no. 2, pp. 181-234, 2006.
19. O. Goldreich and Y. Lindell, "Session-key generation using human passwords only," in CRYPTO 2001, ser. LNCS, J. Kilian, Ed., vol. 2139. Springer, Aug. 2001, pp. 408-432.
20. V. Goyal, A. Jain, and R. Ostrovsky, "Password-authenticated sessionkey generation on the internet in the plain model," in CRYPTO 2010, ser. LNCS, T. Rabin, Ed., vol. 6223. Springer, Aug. 2010, pp. 277-294.
21. A. Groce and J. Katz, "A new framework for efficient password-based authenticated key exchange," in ACM CCS 10, E. Al-Shaer, A. D. Keromytis, and V. Shmatikov, Eds. ACM Press, Oct. 2010, pp. 516-525.
22. J. Groth, "Simulation-sound NIZK proofs for a practical language and constant size group signatures," in ASIACRYPT 2006, ser. LNCS, X. Lai and K. Chen, Eds., vol. 4284. Springer, Dec. 2006, pp. 444-459.
23. J. Groth, R. Ostrovsky, and A. Sahai, "Perfect non-interactive zero knowledge for NP," in EUROCRYPT 2006, ser. LNCS, S. Vaudenay, Ed., vol. 4004. Springer, May/Jun. 2006, pp. 339-358.
24. F. Hao and P. Ryan, "J-pake: Authenticated key exchange without pki," in Transactions on Computational Science XI, ser. Lecture Notes in Computer Science, M. Gavrilova, C. Tan, and E. Moreno, Eds. LNCS, 2010, vol. 6480, pp. 192-206.
25. F. Hao and P. Zielinski, "A 2-round anonymous veto protocol," in Security Protocols, 14th International Workshop, Cambridge, UK, March 27-29, 2006, Revised Selected Papers, ser. Lecture Notes in Computer Science, B. Christianson, B. Crispo, J. A. Malcolm, and M. Roe, Eds., vol. 5087. LNCS, 2006, pp. 202-211.
26. J. Håstad, R. Impagliazzo, L. A. Levin, and M. Luby, "A pseudorandom generator from any one-way function," SIAM Journal on Computing, vol. 28, no. 4, pp. 1364-1396, 1999.
27. T. Holenstein, R. Künzler, and S. Tessaro, "The equivalence of the random oracle model and the ideal cipher model, revisited," in 43rd ACM STOC, L. Fortnow and S. P. Vadhan, Eds. ACM Press, Jun. 2011, pp. 89-98.
28. D. P. Jablon. [Online]. Available: http://www.jablon.org/passwordlinks. html
29. -, "Strong password-only authenticated key exchange," SIGCOMM Comput. Commun. Rev., vol. 26, no. 5, pp. 5-26, Oct. 1996.
30. S. Jiang and G. Gong, "Password based key exchange with mutual authentication," in SAC 2004, ser. LNCS, H. Handschuh and A. Hasan, Eds., vol. 3357. Springer, Aug. 2004, pp. 267-279.
31. J. Katz. [Online]. Available: https://www.lightbluetouchpaper.org/2008/05/29/j-pake/\#comment-9547
32. J. Katz, R. Ostrovsky, and M. Yung, "Efficient and secure authenticated key exchange using weak passwords," Journal of the ACM, vol. 57, no. 1, 2009.
33. J. Katz and V. Vaikuntanathan, "Round-optimal password-based authenticated key exchange," in TCC 2011, ser. LNCS, Y. Ishai, Ed., vol. 6597. Springer, Mar. 2011, pp. 293-310.
34. H. Krawczyk, "Cryptographic extraction and key derivation: The HKDF scheme," in CRYPTO 2010, ser. LNCS, T. Rabin, Ed., vol. 6223. Springer, Aug. 2010, pp. 631-648.
35. P. MacKenzie, "On the security of the SPEKE password-authenticated key exchange protocol," Cryptology ePrint Archive, Report 2001/057, 2001. [Online]. Available: http://eprint.iacr.org/2001/057
36. P. D. MacKenzie, S. Patel, and R. Swaminathan, "Password-authenticated key exchange based on RSA," in ASIACRYPT 2000, ser. LNCS, T. Okamoto, Ed., vol. 1976. Springer, Dec. 2000, pp. 599-613.
37. P. D. MacKenzie and K. Yang, "On simulation-sound trapdoor commitments," in EUROCRYPT 2004, ser. LNCS, C. Cachin and J. Camenisch, Eds., vol. 3027. Springer, May 2004, pp. 382-400.
38. "Nest." [Online]. Available: http://nest.com
39. "OpenSSL project." [Online]. Available: http://www.openssl.org
40. P. Paillier and D. Vergnaud, "Discrete-log-based signatures may not be equivalent to discrete log," in ASIACRYPT 2005, ser. LNCS, B. K. Roy, Ed., vol. 3788. Springer, Dec. 2005, pp. 1-20.
41. S. Patel, "Number theoretic attacks on secure password schemes," in 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1997, pp. 236-247.
42. D. Pointcheval and J. Stern, "Security arguments for digital signatures and blind signatures," Journal of Cryptology, vol. 13, no. 3, pp. 361-396, 2000.
43. C.-P. Schnorr, "Efficient signature generation by smart cards," Journal of Cryptology, vol. 4, no. 3, pp. 161-174, 1991.
44. V. Shoup, "Lower bounds for discrete logarithms and related problems," in EUROCRYPT'97, ser. LNCS, W. Fumy, Ed., vol. 1233. Springer, May 1997, pp. 256-266.
45. M. Steiner, G. Tsudik, and M. Waidner, "Diffie-Hellman key distribution extended to group communication," in ACM CCS 96. ACM Press, Mar. 1996, pp. 31-37.
46. "Thread protocol." [Online]. Available: http://www.threadgroup.org
47. T. D. Wu, "The secure remote password protocol," in NDSS'98. The Internet Society, Mar. 1998.