Toggle Main Menu Toggle Search

Open Access padlockePrints

ID2S Password-Authenticated Key Exchange Protocols

Lookup NU author(s): Professor Feng Hao



In a two-server password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares of its password in the two servers, respectively, and the two servers then cooperate to authenticate the client without knowing the password of the client. In case one server is compromised by an adversary, the password of the client is required to remain secure. In this paper, we present two compilers that transform any two-party PAKE protocol to a two-server PAKE protocol on the basis of the identity-based cryptography, called ID2S PAKE protocol. By the compilers, we can construct ID2S PAKE protocols which achieve implicit authentication. As long as the underlying two-party PAKE protocol and identity-based encryption or signature scheme have provable security without random oracles, the ID2S PAKE protocols constructed by the compilers can be proven to be secure without random oracles. Compared with the Katz et al.'s two-server PAKE protocol with provable security without random oracles, our ID2S PAKE protocol can save from 22 to 66 percent of computation in each server.

Publication metadata

Author(s): Yi X, Rao FY, Tari Z, Hao F, Bertino E, Khalil I, Zomaya AY

Publication type: Article

Publication status: Published

Journal: IEEE Transactions on Computers

Year: 2016

Volume: 65

Issue: 12

Pages: 3687-3701

Online publication date: 10/04/2016

Acceptance date: 01/04/2016

Date deposited: 14/05/2018

ISSN (print): 0018-9340

ISSN (electronic): 1557-9956

Publisher: IEEE


DOI: 10.1109/TC.2016.2553031


Altmetrics provided by Altmetric