Efficient password-authenticated key exchange based on RSA

Sangjoon Park; Junghyun Nam; Seung-Joo Kim; Dongho Won

Efficient password-authenticated key exchange based on RSA

Sangjoon Park, Junghyun Nam, Seung-Joo Kim, Dongho Won

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) +1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with gcd(e, φ(n)) ≠ 1 is less than 2⁻⁸⁰. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.

Original language	English
Title of host publication	Topics in Cryptology
Subtitle of host publication	CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings
Publisher	Springer Verlag
Pages	309-323
Number of pages	15
Volume	4377 LNCS
ISBN (Print)	9783540693277
Publication status	Published - 2007
Externally published	Yes
Event	Cryptographers Track at the RSA Conference, CT-RSA 2007 - San Francisco, United States Duration: 2007 Feb 5 → 2007 Feb 9

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4377 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	Cryptographers Track at the RSA Conference, CT-RSA 2007
Country	United States
City	San Francisco
Period	07/2/5 → 07/2/9

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

Fingerprint Dive into the research topics of 'Efficient password-authenticated key exchange based on RSA'. Together they form a unique fingerprint.

Cite this

Park, S., Nam, J., Kim, S-J., & Won, D. (2007). Efficient password-authenticated key exchange based on RSA. In Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings (Vol. 4377 LNCS, pp. 309-323). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS). Springer Verlag.

Efficient password-authenticated key exchange based on RSA. / Park, Sangjoon; Nam, Junghyun; Kim, Seung-Joo; Won, Dongho.

Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Vol. 4377 LNCS Springer Verlag, 2007. p. 309-323 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Park, S, Nam, J, Kim, S-J & Won, D 2007, Efficient password-authenticated key exchange based on RSA. in Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. vol. 4377 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4377 LNCS, Springer Verlag, pp. 309-323, Cryptographers Track at the RSA Conference, CT-RSA 2007, San Francisco, United States, 07/2/5.

Park S, Nam J, Kim S-J, Won D. Efficient password-authenticated key exchange based on RSA. In Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Vol. 4377 LNCS. Springer Verlag. 2007. p. 309-323. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

Park, Sangjoon ; Nam, Junghyun ; Kim, Seung-Joo ; Won, Dongho. / Efficient password-authenticated key exchange based on RSA. Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Vol. 4377 LNCS Springer Verlag, 2007. pp. 309-323 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3f34c81be6eb4340b6f8f5053ea8ad91,

title = "Efficient password-authenticated key exchange based on RSA",

abstract = "In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) +1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with gcd(e, φ(n)) ≠ 1 is less than 2−80. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.",

author = "Sangjoon Park and Junghyun Nam and Seung-Joo Kim and Dongho Won",

year = "2007",

language = "English",

isbn = "9783540693277",

volume = "4377 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "309--323",

booktitle = "Topics in Cryptology",

note = "Cryptographers Track at the RSA Conference, CT-RSA 2007 ; Conference date: 05-02-2007 Through 09-02-2007",

}

TY - GEN

T1 - Efficient password-authenticated key exchange based on RSA

AU - Park, Sangjoon

AU - Nam, Junghyun

AU - Kim, Seung-Joo

AU - Won, Dongho

PY - 2007

Y1 - 2007

N2 - In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) +1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with gcd(e, φ(n)) ≠ 1 is less than 2−80. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.

AB - In this paper, we propose an efficient password-authenticated key exchange (PAKE) based on RSA, called RSA-EPAKE. Unlike SNAPI using a prime pubic key e greater than an RSA modulus n, RSA-EPAKE uses the public key e of a 96-bit prime, where e = 2H(n, s) +1 for some s. By the Prime Number Theorem, it is easy to find such an s. But the probability that an adversary finds n and s with gcd(e, φ(n)) ≠ 1 is less than 2−80. Hence, in the same as SNAPI, RSA-EPAKE is also secure against e-residue attacks. The computational load on Alice (or Server) and Bob (or Client) in RSA-EPAKE is less than in the previous RSA-based PAKEs such as SNAPI, PEKEP,CEKEP, and QR-EKE. In addition, the computational load on Bob in RSA-EPAKE is less than in PAKEs based on Diffie-Hellman key exchange (DHKE) with a 160-bit exponent. If we exclude perfect forward secrecy from consideration, the computational load on Alice is a little more than that in PAKEs based on DHKE with a 160-bit exponent. In this paper, we compare RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provide a formal security analysis of RSA-EPAKE under the RSA assumption in the random oracle model.

UR - http://www.scopus.com/inward/record.url?scp=84964306296&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84964306296&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84964306296

SN - 9783540693277

VL - 4377 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 309

EP - 323

BT - Topics in Cryptology

PB - Springer Verlag

T2 - Cryptographers Track at the RSA Conference, CT-RSA 2007

Y2 - 5 February 2007 through 9 February 2007

ER -