ID-Based Group Password-Authenticated Key Exchange
نویسندگان
چکیده
Password-authenticated key exchange (PAKE) protocols are designed to be se-cure even when the secret key used for authentication is a human-memorable password. In thispaper, we consider PAKE protocols in the group scenario, in which a group of clients, each ofthem shares a password with an “honest but curious” server, intend to establish a common secretkey (i.e., a group key) with the help of the server. In this setting, the key established is knownto the clients only and no one else, including the server. Each client needs to remember pass-words only while the server keeps passwords in addition to private keys related to his identity.Towards our goal, we present a compiler that transforms any group key exchange (KE) protocolsecure against a passive eavesdropping to a group PAKE which is secure against an active ad-versary who controls all communication in the network. This compiler is built on any group KEprotocol (e.g., the Burmester-Desmedt protocol), any identity-based encryption (IBE) scheme(e.g., Gentry’s scheme), and any identity-based signature (IBS) scheme (e.g., Paterson-Schuldtscheme). It adds only two rounds and O(1) communication (per client) to the original groupKE protocol. As long as the underlying group KE protocol, IBE scheme and an IBS schemehave provably security without random oracles, a group PAKE constructed by our compiler canbe proven to be secure without random oracles.
منابع مشابه
Group Password-Authenticated Key Exchange from Identity-Based Cryptosystem
Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an “honest but curious” server, intend to establish a common secret key (i.e., a group key) with the help of...
متن کاملPassword Based Key Exchange with Hidden Elliptic Curve Public Parameters
We here describe a new Password-based Authenticated Key Exchange (PAKE) protocol based on elliptic curve cryptography. We prove it secure in the Bellare-Pointcheval-Rogaway (BPR) model. A significant novelty in our work is that our proposal is conceived in a such a way that it ensures that the elliptic curve public parameters remain private. This is important in the context of ID contactless de...
متن کاملNew Anonymity Notions for Identity-Based Encryption
Identity-based encryption is a very convenient tool to avoid key management. Recipient-privacy is also a major concern nowadays. To combine both, anonymous identity-based encryption has been proposed. This paper extends this notion to stronger adversaries (the authority itself). We discuss this new notion, together with a new kind of non-malleability with respect to the identity, for several ex...
متن کاملAuthenticated ID-based Key Exchange and remote log-in with simple token and PIN number
Authenticated key exchange protocols tend to be either token based or password based. Token based schemes are often based on expensive (and irreplaceable) smart-card tokens, while password-only schemes require that a unique password is shared between every pair of correspondents. The magnetic strip swipe card and associated PIN number is a familiar and convenient format that motivates a combine...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2007 شماره
صفحات -
تاریخ انتشار 2007