A Secure Construction for Threshold Anonymous Password-Authenticated Key Exchange

SeongHan SHIN  Kazukuni KOBARA  Hideki IMAI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E91-A   No.11   pp.3312-3324
Publication Date: 2008/11/01
Online ISSN: 1745-1337
DOI: 10.1093/ietfec/e91-a.11.3312
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
password authentication,  key exchange,  PAKE,  anonymity,  provable security,  

Full Text: PDF(402.8KB)
>>Buy this Article

At Indocrypt 2005, Viet et al.[21], have proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction both of which are designed for client's password-based authentication and anonymity against a passive server, who does not deviate the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t > 1, we propose a secure threshold anonymous PAKE (for short, TAP) protocol with the number of clients n upper-bounded, such that n 2 -1, where N is a dictionary size of passwords. We rigorously prove that the TAP protocol has semantic security of session keys in the random oracle model by showing the reduction to the computational Diffie-Hellman problem. In addition, the TAP protocol provides unconditional anonymity against a passive server. For the threshold t=1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (not threshold) anonymous PAKE protocol [21].