### Abstract

In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) +1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with gcd(e, φ(n)) ≠ 1 is less than 2^{−80}. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.

Original language | English |
---|---|

Title of host publication | Topics in Cryptology |

Subtitle of host publication | CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings |

Publisher | Springer Verlag |

Pages | 309-323 |

Number of pages | 15 |

Volume | 4377 LNCS |

ISBN (Print) | 9783540693277 |

Publication status | Published - 2007 |

Externally published | Yes |

Event | Cryptographers Track at the RSA Conference, CT-RSA 2007 - San Francisco, United States Duration: 2007 Feb 5 → 2007 Feb 9 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 4377 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Other

Other | Cryptographers Track at the RSA Conference, CT-RSA 2007 |
---|---|

Country | United States |

City | San Francisco |

Period | 07/2/5 → 07/2/9 |

### ASJC Scopus subject areas

- Theoretical Computer Science
- Computer Science(all)

## Fingerprint Dive into the research topics of 'Efficient password-authenticated key exchange based on RSA'. Together they form a unique fingerprint.

## Cite this

*Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings*(Vol. 4377 LNCS, pp. 309-323). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS). Springer Verlag.