Session-Key Generation Using Human Passwords Only
Oded Goldreich, Yehuda Lindell
- 19 Aug 2001
- pp 408-432
TL;DR: This work presents session-key generation protocols in a model where the legitimate parties share only a human-memorizable password and states that the security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel, and may omit, insert and modify messages at their choice.
Abstract: We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A". We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not clear whether or not such protocols were attainable without the use of random oracles or additional setup assumptions.
Citations
Password-Based authenticated key exchange in the three-party setting
Michel Abdalla, Pierre-Alain Fouque, David Pointcheval
- 23 Jan 2005
TL;DR: This paper presents a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and proves its security without making use of the Random Oracle model, which is the first provably-secure password-based protocol in the three-party setting.
Fast dictionary attacks on passwords using time-space tradeoff
Arvind Narayanan, Vitaly Shmatikov
- 07 Nov 2005
TL;DR: It is demonstrated that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large, calling into question the viability of human-memorable character-sequence passwords as an authentication mechanism.
Password-based authenticated key exchange in the three-party setting
Michel Abdalla, Pierre-Alain Fouque, David Pointcheval
- 03 Apr 2006
TL;DR: In this paper, a 3-party password-based authenticated key exchange (PAKE) protocol was proposed, in which the users trying to establish a common secret do not share a password between themselves but only with a trusted server.
Simple password-based encrypted key exchange protocols
Michel Abdalla, David Pointcheval
- 14 Feb 2005
TL;DR: This paper presents two simple password-based encrypted key exchange protocols based on that of Bellovin and Merritt, and one of them is more suitable to scenarios in which the password is shared across several servers, while the other enjoys better security properties.
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
Joël Alwen, Yevgeniy Dodis, Daniel Wichs
- 19 Aug 2009
TL;DR: This work builds an efficient three-round AKA in the Random-Oracle Model, which is resilient to key-leakage attacks that can occur prior-to and after a protocol execution, and allows for repeated "invisible updates" of the secret key, allowing for an unlimited amount of leakage overall.
References
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Handbook of Applied Cryptography
Alfred Menezes, Scott A. Vanstone, Paul C. van Oorschot
- 01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Random oracles are practical: a paradigm for designing efficient protocols
Mihir Bellare, Phillip Rogaway
- 01 Dec 1993
TL;DR: It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
The knowledge complexity of interactive proof systems
TL;DR: A computational complexity theory of the “knowledge” contained in a proof is developed and examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity.