Round-Optimal Password-Based Group Key Exchange Protocols in the Standard Model



Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
{xujing,huxuexian,zfzhang}@tca.iscas.ac.cn
2 State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450002, China

Abstract. Password-based group key exchange protocols allow group users who share only a short, low-entropy password to agree on a cryptographically strong session key. One fundamental complexity measure of such protocols is their round complexity. In this paper, we present the first one-round password-based group key exchange protocol in the common random string model. Furthermore, we propose a completely new approach to remove the need for the common random string and then construct a two-round password-based group key exchange protocol that does not require any setup assumption. This is, to the best of our knowledge, the first password-based group key exchange protocol without trusted setup. Using indistinguishability obfuscation as the main tool, both protocols are provably secure in the standard model.

Keywords: Group key exchange protocol · Password based authentication · Round complexity · Indistinguishability obfuscation

1 Introduction

Password-based authenticated key exchange (PAKE) protocols [1] allow users who share only a short, low-entropy password to agree on a cryptographically strong session key. PAKE protocols are fascinating from a theoretical perspective, as they can be viewed as a means of “bootstrapping” a common cryptographic key from the (essentially) minimal setup assumption of a short, shared secret. PAKE protocols are also important in practice, since passwords are perhaps the most common and widely-used means of authentication. In this paper, we consider PAKE protocols in the group setting, where the number of users involved in the computation of a common session key can be large.

This work was supported by the National Grand Fundamental Research (973) Program of China under Grant 2013CB338003, China Postdoctoral Science Foundation under Grant 2014M552524, and the National Natural Science Foundation of China (NSFC) under Grants 61170279, U1536205 and 61170278.

© Springer International Publishing Switzerland 2015
T. Malkin et al. (Eds.): ACNS 2015, LNCS 9092, pp. 42–61, 2015. DOI: 10.1007/978-3-319-28166-7_3


The difficulty in designing password-based protocols is to prevent off-line dictionary attacks, in which an eavesdropping adversary exhaustively enumerates candidate passwords, attempting to match the correct password to the eavesdropped session. However, the adversary can always determine the correct password via an on-line dictionary attack, in which it tries to impersonate one of the parties using each possible password. Although an on-line dictionary attack is not avoidable, the damage it may cause can be mitigated by other means, such as limiting the number of failed login attempts. Roughly, a secure password-ba