Simple Anonymous Password-Based Authenticated Key Exchange (SAPAKE), Reconsidered

SeongHan SHIN  Kazukuni KOBARA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E100-A   No.2   pp.639-652
Publication Date: 2017/02/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E100.A.639
Type of Manuscript: PAPER
Category: Cryptography and Information Security
password,  authentication,  anonymity,  provable security,  

Full Text: PDF(926.7KB)
>>Buy this Article

Anonymous password-based authentication protocols are designed to provide not only password-based authentication but also client anonymity. In [22], Qian et al. proposed a simple anonymous password-based authentication protocol (SAPAKE). In this paper, we reconsider the SAPAKE protocol [22] by first showing that an (third party) active attacker can impersonate the server and compute a session key with probability 1. After giving a formal model that captures such attacks, we propose a simple and secure anonymous password-based authentication (for short, S2APA) protocol that provides security against modification attacks on protocol-specific values and is more efficient than YZWB09/10 [32], [33] and SAPAKE [22]. Also, we prove that the S2APA protocol is AKE-secure against active attacks as well as modification attacks under the computational Diffie-Hellman problem in the random oracle model, and provides unconditional client anonymity against a semi-honest server, who honestly follows the protocol.