- 期刊
Proof of Forward Security for Password-Based Authenticated Key Exchange
並列摘要
Recently, M. Abdalla et al. proposed a slightly different variant of AuthA, based on the scheme proposed by E. Bresson et al., and provided the first complete proof of forward-secrecy for AuthA. They claimed that under the Gap Diffie-Hellman assumption the variant of AuthA was forward-secure in the random-oracle model. In this paper, we present an active attack to reveal a previously unpublished flaw in their proof. To fix their proof, we have to introduce one more variant Diffie-Hellman assumption. If so, we found the scheme proposed by E. Bresson et al. could be proved forward secure as well. Since the proposal of E. Bresson et al. is simpler for implementation in practice, we only provided the rigorous proof of forward security for it.
延伸閱讀
- Liao, Y. P. (2010). SECURE PASSWORD AUTHENTICATED KEY EXCHANGE PROTOCOLS FOR VARIOUS ENVIRONMENTS [doctoral dissertation, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-3001201315104936
- Tsai, C. H. (2009). A Provable Server-Triggering Password-based Authenticated Key Exchange Protocol [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2009.00209
- Thandra, P. K., Rajan, J., & Murty, S. A. V. S. (2016). Cryptanalysis of an Efficient Password Authentication Scheme. International Journal of Network Security, 18(2), 362-368. https://doi.org/10.6633/IJNS.201603.18(2).18
- Lai, C. F., Wu, T. C., & Tsai, K. Y. (2011). New Password-based Remote Authentication Scheme with User Anonymity. In 中華民國資訊安全學會 (Ed.), 全國資訊安全會議 (pp. 356-360). 中華民國資訊安全學會. https://doi.org/10.29615/CISC.201105.0356
- 廖宜平(2011)。Designing a Client-to-client Password-Authenticated Key Exchange Protocol〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2011.00282