Abstract:
Schemes for encrypted key exchange are designed to provide two entities
communicating over a public network, and sharing a (short) password
only, with a session key to be used to achieve data integrity and/or
message confidentiality. An example of a very efficient and
``elegant'' scheme for encrypted key exchange considered for
standardization by the IEEE P1363 Standard working group is AuthA. This
scheme was conjectured secure when the symmetric-encryption primitive
is instantiated via either a cipher that closely behaves like an
``ideal cipher'', or a mask generation function that is the product of
the message with a hash of the password. While the security of this
scheme in the former case has been recently proven, the latter case was
still an open problem. For the first time we prove in this paper that
this scheme is secure under the assumptions that the hash function
closely behaves like a random oracle and that the computational
Diffie-Hellman problem is difficult. Furthermore, since
Denial-of-Service (DoS) attacks have become a common threat we enhance
AuthA with a mechanism to protect against them.
Keywords:
Reference:
Proceedings of the International Workshop on Practice and Theory in
Public Key Cryptography (PKC),
March 1-4, Singapore, 2004, pp ??.
Full paper: PostScript, Compressed PostScript. PDF, Compressed PDF.
Presentation: PDF.
Related papers:
E. Bresson, O. Chevassut and D. Pointcheval, "Security Proofs for an
Efficient Password-based Key Exchange", ACM Conference on Computer and
Communications Security,
October 27-30, Washington, DC, USA, 2003.
[an error occurred while processing this directive]