通用可组合的三方口令认证密钥交换协议

邓淼磊; 王玉磊; 周利华

doi:10.3724/SP.J.1146.2009.00824

通用可组合的三方口令认证密钥交换协议

doi: 10.3724/SP.J.1146.2009.00824

邓淼磊^{① 王玉磊,},
王玉磊,
周利华

基金项目:

河南省科技攻关计划项目(102102210432)资助课题

计量
- 文章访问数: 3998
- HTML全文浏览量: 72
- PDF下载量: 711
- 被引次数: 0
出版历程
- 收稿日期: 2009-06-03
- 修回日期: 2010-05-11
- 刊出日期: 2010-08-19

Universally Composable Three Party Password-authenticated Key Exchange Protocol

Deng Miao-Lei^{① 王玉磊
,},
Wang Yu-Lei,
Zhou Li-Hua

摘要

摘要: 现有的许多三方口令认证密钥交换(3PAKE)协议都被发现是不安全的。该文基于通用可组合(UC)模型，定义了3PAKE理想函数。在两方口令认证密钥交换理想函数辅助的混合模型下，构造了一个实现3PAKE理想函数的3PAKE协议。新的协议由中间密钥生成、消息认证传输和会话密钥生成3个阶段构成。该协议是UC安全的，并且结构简单。
- 密码学 /
- 安全协议 /
- 口令认证密钥交换 /
- 通用可组合
Abstract: Many existing three Party Password-Authenticated Key Exchange (3PAKE) protocols are found insecure. An ideal functionality of 3PAKE is defined in the universal composability model，and a 3PAKE protocol is constructed to realize the 3PAKE ideal functionality in the hybrid model which aided by two party password-authenticated key exchange ideal functionality. The new protocol comprises of three phases: intermediate key generation, message authentication transmission and session key generation. The protocol is UC-secure, and has simpler structure.
- Cryptography /
- Security protocol /
- Password-Authenticated Key Exchange (PAKE) /
- Universal composition

HTML全文

参考文献(1)

Lin C L, Sun H M, and Hwang T. Three party-encrypted keyexchange: attacks and a solution[J].ACM Operating SystemReview.2000, 34(4):12-20[2]Sun H M, Chen B, and Hwang T. Secure key agreementprotocols for three-party against guessing attacks[J].TheJournal of Systems and Software.2005, 75(2):63-68[3]Steiner M, Tsudik G, and Wainder M. Refinement andextension of encrypted key exchange[J].ACM OperationSystems Review.1995, 29(3):22-30[4]Lu R and Cao Z. Simple three-party key exchange protocol[J].Computer Security.2007, 26(1):94-97[5]Guo H, Li Z, and Mu Y, et al.. Cryptanalysis of simple threepartykey exchange protocol[J].Computers Security.2008,27(1):16-21[6]Phan R C, Yau W, and Goi B. Cryptanalysis of simplethree-party key exchange protocol[J].Information Sciences.2008, 178(13):2849-2856[7]Nam J, Paik J, and Kang H, et al.. An off-line dictionaryattack on a simple three-party key exchange protocol[J].IEEE Communications Letters.2009, 13(3):205-208[8]Huang H F. A simple three-party password-based keyexchange protocol[J]. International Journal ofCommunication Systems, 2009, 22(2): 113-119.[9]Canetti R. Universally composable security: a new paradigmfor cryptographic protocols[C]. IEEE Annual Symposium onFoundations of Computer Science, Nevada, USA, October2001: 136-145.[10]Ota H, Yoneyama K, and Kiyomoto S, et al.. Universallycomposable client-to-client general authenticated keyexchange[J]. Transactions of Information Processing Societyof Japan, 2007, 48(9): 3073-3088.[11]Abdalla M, Catalano D, and Chevalier C. Efficient two-partypassword-based key exchange protocols in the UCframework[C]. Cryptographers Track at the RSA Conference2008, San Francisco, USA, April 2008: 335-351.[12]邓淼磊, 王玉磊, 周利华. 通用可组合安全的公平电子支付协议[J].电子与信息学报.2009, 31(5):1063-1066浏览[13]Abdalla M, Fouque P, and Pointcheval D. Password-basedauthenticated key exchange in the three-party setting[J].IEEE Proceedings-Information Security.2006, 153(1):27-39

施引文献

资源附件(0)

访问统计