Verifier-based anonymous password-authenticated key exchange protocol in the standard model

Cited by: 4
Authors
Zhang, Qihui [1]
Chaudhary, Pradeep [2]
Kumari, Saru [3]
Kong, Zhiyin [4]
Liu, Wenfen [5]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou 450001, Henan, Peoples R China
[2] Chaudhary Charan Singh Univ, Dept Stat, Meerut 250004, Uttar Pradesh, India
[3] Chaudhary Charan Singh Univ, Dept Math, Meerut 250004, Uttar Pradesh, India
[4] Sci & Technol Informat Assurance Lab, Beijing 100072, Peoples R China
[5] Guilin Univ Elect Technol, Guangxi Key Lab Cryptog & Informat, Guilin 541004, Guangxi, Peoples R China
Keywords
password authentication; anonymous protocol; key exchange; server compromise; standard model; SECURE;
DOI
10.3934/mbe.2019180
Chinese Library Classification number
Q [Biological Sciences];
Subject classification code
07 ; 0710 ; 09 ;
Abstract
Anonymous password-authenticated key exchange (APAKE) allows a client to authenticate herself and to establish a secure session key with a remote server via only a low-entropy password, while keeping her actual identity anonymous to third parties as well as to the server. Since APAKE protocols enjoy both the convenience of password authentication and the advantage of privacy protection, researchers have paid much attention to them. However, most of the existing APAKE protocols are designed in the symmetric setting, which does not take into consideration the threat of password file leakage. To mitigate the damage of server compromise, we propose a verifier-based anonymous password-authenticated key exchange protocol, in which the server holds a verifier corresponding to each client instead of the clear password. Our protocol is built on standard cryptographic primitives such as public key encryption, smooth projective hash functions and password hashing schemes. The resulting protocol is proved secure in the standard model, i.e., without resorting to random oracles. Comparisons with other similar schemes show that our protocol guarantees stronger security while enjoying considerable efficiency in terms of computational cost.
Pages: 3623 / 3640
Number of pages: 18