Efficiency in the Password-based Authenticated Key Exchange

Efficiency in Password-Based Authenticated Key Exchange Protocols

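  • 황정연 (Center for Information Security Technologies, Korea University) ;
  • 홍석희 (Center for Information Security Technologies, Korea University) ;
  • 박혜영 (Center for Information Security Technologies, Korea University) ;
  • 장상운 (Center for Information Security Technologies, Korea University) ;
  • 박영호 (Sejong Cyber University) ;
  • 류희수 (Electronics and Telecommunications Research Institute)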
  • Published : 2002.12.01

Abstract

Proposals for password-based authenticated key exchange protocols published so far have mostly concentrated on provable security. But in a real environment such as a mobile one, efficiency is as critical an issue as security. In this paper we discuss the efficiency of PAK, which is secure in the random oracle model [1]. Among the 4 hash functions in PAK, the instantiation of $H_1$, which outputs a verifier of the password, has the most important effect on computational efficiency. We analyze the two different methods for $H_1$ suggested in [1] and show that $H_{1q}$ has merits in transforming to EC or XTR variants as well as in efficiency. As efficient variants, we propose PAK2-EC and PAK2-XTR, which, compared to the previous work on PAK [2], do not require any additional step converting a hash output into a point of an elliptic curve or an element of the XTR subgroup. Finally, we compare PAK2 with password-based authenticated key exchange protocols such as SPEKE, SRP, and AMP.

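Most proposals for password-based authenticated key exchange protocols studied so far have focused on provable security. However, in practical environments such as mobile ones, efficiency is as important a consideration as security. In this paper we discuss the efficiency of PAK [1], whose security has been proven in the random oracle model. Among the four hash functions $H_i$ $(1\leq i\leq 4)$ used to construct PAK, the first hash function, which generates the verifier of the password, has the most significant effect on the efficiency of PAK. We analyze the two methods for constructing $H_1$ presented in [1] and show that the $H_{1q}$ method, which uses another generator of order $q$, has an advantage in efficiency. Unlike the proposal in [2], we present PAK2-EC and PAK2-XTR, which do not require an additional procedure for converting the hash output of the password into a point on an elliptic curve or an element of the XTR subgroup. Finally, we compare the computational cost of the PAK2 protocol with that of password-based authenticated key exchange protocols such as SPEKE, AMP, and SRP.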

References

  1. P. MacKenzie. The PAK suites: Protocols for Password-Authenticated Key Exchange.
  2. P. MacKenzie. More Efficient Password-Authenticated Key Exchange. RSA Conference, Cryptographer's Track.
  3. S. Bellovin; M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. Proceedings of the Symposium on Security and Privacy.
  4. V. Boyko; P. MacKenzie; S. Patel. Provably secure password-authenticated key exchange using Diffie-Hellman. Advances in Cryptology Eurocrypt'00, Lecture Notes in Computer Science v.1807.
  5. M. Bellare; D. Pointcheval; P. Rogaway. Authenticated key exchange secure against dictionary attacks. Advances in Cryptology Eurocrypt'00, Lecture Notes in Computer Science v.1807.
  6. P. MacKenzie; S. Patel; R. Swaminathan. Password-authenticated key exchange based on RSA. Advances in Cryptology Asiacrypt'00, Lecture Notes in Computer Science v.1976. https://doi.org/10.1007/3-540-44448-3_46
  7. J. Katz; R. Ostrovsky; M. Yung. Efficient password-authenticated key exchange using human-memorable passwords. Advances in Cryptology Eurocrypt'01, Lecture Notes in Computer Science v.2045.
  8. O. Goldreich; Y. Lindell; J. Kilian (ed.). Session-key generation using human passwords only. Advances in Cryptology Crypto'01, Lecture Notes in Computer Science v.2139. https://doi.org/10.1007/3-540-44647-8_24
  9. O. Goldreich; S. Micali; A. Wigderson. How to Play Any Mental Game, or a Completeness Theorem for Protocols with an Honest Majority. STOC'87.
  10. S. Even; O. Goldreich; S. Micali. On-Line/Off-Line Digital Signatures. Advances in Cryptology Crypto'00, Lecture Notes in Computer Science v.435.
  11. R. Cramer; V. Shoup. A Practical Public Key Cryptosystem Provably Secure Against Chosen Ciphertext Attack. Advances in Cryptology Crypto'98, Lecture Notes in Computer Science v.1462. https://doi.org/10.1007/BFb0055717
  12. N. Koblitz. Elliptic curve cryptosystems. Math. Comp. v.48. https://doi.org/10.2307/2007884
  13. V. Miller. Use of elliptic curves in cryptography. Advances in Cryptology Crypto'85, Lecture Notes in Computer Science v.218. https://doi.org/10.1007/3-540-39799-X_31
  14. I. F. Blake; G. Seroussi; N. P. Smart. Elliptic Curves in Cryptography. LMS Lecture Note Series 265.
  15. R. P. Gallant; J. L. Lambert; S. A. Vanstone. Faster Point Multiplication in Cryptology. Advances in Cryptology Crypto'01, Lecture Notes in Computer Science v.2139. https://doi.org/10.1007/3-540-44647-8_11
  16. A. Lenstra; E. Verheul. The XTR public key system. Advances in Cryptology Crypto'00, Lecture Notes in Computer Science v.1807. https://doi.org/10.1007/3-540-45539-6_12
  17. A. Lenstra; E. Verheul. Key improvements to XTR. Advances in Cryptology Asiacrypt'00, Lecture Notes in Computer Science v.1807. https://doi.org/10.1007/3-540-45539-6_12
  18. D. E. Knuth. The Art of Computer Programming, v.2: Seminumerical Algorithms (second edition).
  19. A. Lenstra; E. Verheul. Key improvements to XTR. Advances in Cryptology Asiacrypt'00, Lecture Notes in Computer Science v.1807. https://doi.org/10.1007/3-540-45539-6_12
  20. D. Jablon. Strong Password-Only Authenticated Key Exchange. Computer Communication Review, v.26 no.5. https://doi.org/10.1145/242896.242897
  21. D. Jablon. Extended Password Key Exchange Protocols Immune to Dictionary Attacks. Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society.
  22. T. Wu. The Secure Remote Password Protocol. Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium.
  23. T. Kwon. Submission to P1363.