A new client-to-client password-authenticated key agreement protocol. (English) Zbl 1248.94103

Chee, Yeow Meng (ed.) et al., Coding and cryptology. Second international workshop, IWCC 2009, Zhangjiajie, China, June 1–5, 2009. Proceedings. Berlin: Springer (ISBN 978-3-642-01813-8/pbk). Lecture Notes in Computer Science 5557, 63-76 (2009).
Summary: Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, J. W. Byun et al. [Inf. Sci. 177, No. 19, 3995–4013 (2007; Zbl 1142.94366)] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect. To draw lessons from these results, we revealed fatal flaws in Byun et al.’s security model and their proof of security. Then, we modify formal security model and corresponding security definitions. In addition, a new cross-realm C2C-PAKA protocol is presented with security proof.
For the entire collection see [Zbl 1167.94001].


94A62 Authentication, digital signatures and secret sharing


Zbl 1142.94366


Full Text: DOI


[1] Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000) · Zbl 1082.94533 · doi:10.1007/3-540-45539-6_11
[2] Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000) · Zbl 1082.94535 · doi:10.1007/3-540-45539-6_12
[3] Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using uuman-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001) · Zbl 1010.94555 · doi:10.1007/3-540-44987-6_29
[4] Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proc. of the Symposium on Security and Privacy, IEE, pp. 72–84 (1992) · doi:10.1109/RISP.1992.213269
[5] Byun, J.W., Lee, D.H., Lim, J.: Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 830–836. Springer, Heidelberg (2006) · doi:10.1007/11610113_81
[6] Yin, Y., Bao, L.: Secure Cross-Realm C2C-PAKE Protocol. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 395–406. Springer, Heidelberg (2006) · Zbl 1176.94063 · doi:10.1007/11780656_33
[7] Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002) · Zbl 1023.94520 · doi:10.1007/3-540-36159-6_12
[8] Chen, L.: A weakness of the password-authenticated key agreement between clients with different passwords scheme, ISO/IEC JTC 1/SC27 N3716
[9] Wang, S., Wang, J., Xu, M.: Weakness of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004) · Zbl 1103.68542 · doi:10.1007/978-3-540-24852-1_30
[10] Kim, J., Kim, S., Kwak, J., Won, D.: Cryptoanalysis and improvements of password authenticated key exchange scheme between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3044, pp. 895–902. Springer, Heidelberg (2004) · Zbl 1107.68417 · doi:10.1007/978-3-540-24707-4_102
[11] Phan, R.C.-W., Goi, B.: Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005) · Zbl 1126.68411 · doi:10.1007/11496137_3
[12] Yoon, E.J., Yoo, K.Y.: A secure password-authenticated key exchange between clients with different passwords. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 659–663. Springer, Heidelberg (2006) · doi:10.1007/11610496_88
[13] Byun, J.W., Lee, D.H., Lim, J.I.: EC2C-PAKA: An efficient client-to-client password-authenticated key agreement. Information Science 177, 3995–4013 (2007) · Zbl 1142.94366 · doi:10.1016/j.ins.2007.03.024
[14] Abdalla, M., Fouque, P.A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005) · Zbl 1081.94513 · doi:10.1007/978-3-540-30580-4_6
[15] Goldreich, O.: Foundation of cryptography, vol. 2. Cambridge University Press, Cambridge (2004) · Zbl 1068.94011 · doi:10.1017/CBO9780511721656
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.