Abstract
Goldreich and Lindell (CRYPTO ’01) recently presented the first protocol for password-authenticated key exchange in the standard model (with no common reference string or set-up assumptions other than the shared password). However, their protocol uses several heavy tools and has a complicated analysis.
We present a simplification of the Goldreich–Lindell (GL) protocol and analysis for the special case when the dictionary is of the form \(\mathcal{D}=\{0,1\}^{d}\), i.e., the password is a short string chosen uniformly at random (in the spirit of an ATM PIN). The security bound achieved by our protocol is somewhat worse than that of the GL protocol. Roughly speaking, our protocol guarantees that the adversary can “break” the scheme with probability at most \(O(\mathrm{poly}(n)/|\mathcal{D}|)^{\Omega(1)}\), whereas the GL protocol guarantees a bound of \(O(1/|\mathcal{D}|)\).
We also present an alternative, more natural definition of security than the “augmented definition” of Goldreich and Lindell, and prove that the two definitions are equivalent.
References
B. Barak, Constant-Round Coin-Tossing with a Man in the Middle or Realizing the Shared Random String Model, in IEEE Symposium on Foundations of Computer Science (2002), pp. 345–355
M. Bellare, D. Pointcheval, P. Rogaway, Authenticated Key Exchange Secure against Dictionary Attacks, in Advances in Cryptology—Eurocrypt 2000 Proceedings. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 139–155
M. Bellare, P. Rogaway, Entity Authentication and Key Distribution, in Advances in Cryptology—Crypto 93 Proceedings. Lecture Notes in Computer Science, vol. 773 (Springer, Berlin, 1994), pp. 232–249
S. Bellovin, M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, in ACM/IEEE Symposium on Research in Security and Privacy (1992), pp. 72–84
S. Bellovin, M. Merritt, Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise, in ACM Conference on Computer and Communications Security (1993), pp. 244–250
M. Boyarsky, Public-Key Cryptography and Password Protocols: The Multi-User Case, in ACM Conference on Computer and Communications Security (1999), pp. 63–72
V. Boyko, P. MacKenzie, S. Patel, Provably Secure Password-Authenticated Key Exchange Using Diffie–Hellman, in Advances in Cryptology—Eurocrypt 2000 Proceedings. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 156–171
R. Canetti, Universally Composable Security: A New Paradigm for Cryptographic Protocols, in IEEE Symposium on Foundations of Computer Science (2001), pp. 136–145
B. Chor, O. Goldreich, Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, SIAM J. Comput. 17(2), 230–261 (1988)
W. Diffie, M. Hellman, New Directions in Cryptography, IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Y. Dodis, R. Oliveira, On Extracting Private Randomness over a Public Channel. Approximation, Randomization, and Combinatorial Optimization, in Proc. of APPROX 2003 and RANDOM 2003. Lecture Notes in Computer Science, vol. 2764 (Springer, Berlin, 2003), pp. 252–263
Y. Dodis, A. Elbaz, R. Raz, R. Oliveira, Improved Randomness Extraction from Two Independent Sources. Approximation, Randomization, and Combinatorial Optimization, in Proc. of APPROX 2004 and RANDOM 2004. Lecture Notes in Computer Science, vol. 3122 (Springer, Berlin, 2004)
R. Gennaro, Y. Lindell, A Framework for Password-Based Authenticated Key Exchange, in Advances in Cryptology—Eurocrypt 2003 Proceedings. Lecture Notes in Computer Science, vol. 2656 (Springer, Berlin, 2003), pp. 524–543
O. Goldreich, Foundations of Cryptography, vol. 2 (Cambridge University Press, Cambridge, 2004)
O. Goldreich, Y. Lindell, Session-Key Generation Using Human Passwords Only, in Advances in Cryptology—Crypto 2001 Proceedings. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 408–432. Full version to appear in Journal of Cryptology
S. Goldwasser, S. Micali, Probabilistic Encryption, J. Comput. Syst. Sci. 28(2), 270–299 (1984)
S. Halevi, H. Krawczyk, Public-Key Cryptography and Password Protocols, in ACM Conference on Computer and Communications Security (1998), pp. 122–131
J. Katz, R. Ostrovsky, M. Yung, Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords, in Advances in Cryptology—Eurocrypt 2001 Proceedings. Lecture Notes in Computer Science, vol. 2045 (Springer, Berlin, 2001), pp. 475–494
P. MacKenzie, S. Patel, R. Swaminathan, Password Authenticated Key Exchange Based on RSA, in ASIACRYPT (2000), pp. 599–613
S. Micali, C. Rackoff, B. Sloan, The Notion of Security for Probabilistic Cryptosystems, SIAM J. Comput. 17, 412–426 (1988)
M. Naor, B. Pinkas, Oblivious Transfer and Polynomial Evaluation, in ACM Symposium on Theory of Computing (1999), pp. 245–254
M.-H. Nguyen, S. Vadhan, Simpler Session-Key Generation from Short Random Passwords, in Proceedings of the First Theory of Cryptography Conference (TCC ’04). Lecture Notes in Computer Science, vol. 2951 (Springer, Berlin, 2004), pp. 428–445
N. Nisan, D. Zuckerman, Randomness is Linear in Space, J. Comput. Syst. Sci. 52(1), 43–52 (1996)
R. Richardson, J. Kilian, On the Concurrent Composition of Zero-Knowledge Proofs, in Advances in Cryptology—Eurocrypt 99 Proceedings. Lecture Notes in Computer Science, vol. 1592 (Springer, Berlin, 1999), pp. 415–431
V. Shoup, On Formal Models for Secure Key Exchange, Cryptology ePrint Archive Report 1999/012 (1999)
A. Srinivasan, D. Zuckerman, Computing with Very Weak Random Sources, SIAM J. Comput. 28(4), 1453–1459 (1999)
M. Steiner, G. Tsudik, M. Waidner, Refinement and Extension of Encrypted Key Exchange, Oper. Syst. Rev. 29(3), 22–30 (1995)
A. Yao, How to Generate and Exchange Secrets, in IEEE Symposium on Foundations of Computer Science (1986), pp. 162–167
Communicated by Oded Goldreich
An extended abstract of this paper appeared in the First Theory of Cryptography Conference (TCC ’04) [22].
Minh-Huyen Nguyen: Supported by NSF grant CCR-0205423 and ONR grant N00014-04-1-0478.
Salil Vadhan: Supported by NSF grant CCR-0205423, a Sloan Research Fellowship, and ONR grant N00014-04-1-0478. Part of this work done while at the Radcliffe Institute for Advanced Study.
Nguyen, MH., Vadhan, S. Simpler Session-Key Generation from Short Random Passwords. J Cryptol 21, 52–96 (2008). https://doi.org/10.1007/s00145-007-9008-4