Efficient and provably secure client-to-client password-based key exchange protocol

Jin Wook Byun, Dong Hoon Lee, Jong In Lim

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    24 Citations (Scopus)

    Abstract

    We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there are still rooms for improvements both in computational and communicational aspects. In this paper we suggest an efficient C2C-PAKE (EC2C-PAKE) protocol, and prove that EC2C-PAKE protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.

    Original languageEnglish
    Title of host publicationFrontiers of WWW Research and Development - APWeb 2006 - 8th Asia-Pacific Web Conference, Proceedings
    Pages830-836
    Number of pages7
    DOIs
    Publication statusPublished - 2006
    Event8th Asia-Pacific Web Conference, APWeb 2006: Frontiers of WWW Research and Development - Harbin, China
    Duration: 2006 Jan 162006 Jan 18

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume3841 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Other

    Other8th Asia-Pacific Web Conference, APWeb 2006: Frontiers of WWW Research and Development
    Country/TerritoryChina
    CityHarbin
    Period06/1/1606/1/18

    Keywords

    • Authenticated key exchange
    • Dictionary attacks
    • Different password authentication
    • Human memorable password
    • Mobile computing

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • General Computer Science

    Fingerprint

    Dive into the research topics of 'Efficient and provably secure client-to-client password-based key exchange protocol'. Together they form a unique fingerprint.

    Cite this