FOUR-PARTY PASSWORD-BASED AUTHENTICATED KEY EXCHANGE PROTOCOL

Fucai Zhou, Jian Xu, Enguang Zhou, and Bin Zhang

Keywords

Passwordbased authentication, authenticated key exchange, Weilpairing, dictionary attacks, maninthemiddle attack

Abstract

Joux first presented a three-party key exchange protocol using bilinear pairing. Due to lack of authentication, the protocol is susceptible to the man-in-the-middle attacks. Since then, many improved protocols have been proposed, which adopt offline certificate mechanism. But the cost of the certificate mechanism is very high. So an efficient and secure four-party password-based authenticated key exchange protocol (4PAKE) using Weil pairing, which supports online mode instead of the offline certificate authentication centre, is proposed in this paper. Therefore, our protocol is quite different from the existing PAKE protocols, because it is securely and efficiently extended three-party case to four-party case with a formal proof of security. Through the analysis and comparison, there is not only no high computation and storage cost for authenticating clients’ identities in our protocol, but also no need for computing multiplicative inverse. Finally, we prove that the 4PAKE protocol fulfils the security requirement in random oracle model and ideal cipher model. So it can provide sufficient security against dictionary attacks, man-in-the-middle attacks and other known attacks.

Important Links:



Go Back