Paper 2005/196

Universally Composable Password-Based Key Exchange

Ran Canetti, Shai Halevi, Jonathan Katz, Yehuda Lindell, and Philip MacKenzie

Abstract

We propose and realize a definition of security for password-based key exchange within the framework of universal composability (UC), thus providing security guarantees under arbitrary composition with other protocols. In addition, our definition captures some aspects of the problem that were not adequately addressed by most prior notions. For instance, our definition does not assume any underlying probability distribution on passwords, nor does it assume independence between passwords chosen by different parties. We also formulate a definition of password-based secure channels, and show how to realize such channels given any password-based key exchange protocol. The password-based key exchange protocol shown here is in the common reference string model and relies on standard number-theoretic assumptions. The components of our protocol can be instantiated to give a relatively efficient solution which is conceivably usable in practice. We also show that it is impossible to satisfy our definition in the "plain" model (e.g., without a common reference string).

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Extended abstract in EUROCRYPT '05. LNCS vol. 3494, pages 404-421. Springer-Verlag, 2005
Keywords
key exchangepassword protocolsuniversal composability
Contact author(s)
shaih @ alum mit edu
History
2005-06-24: received
Short URL
https://ia.cr/2005/196
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/196,
      author = {Ran Canetti and Shai Halevi and Jonathan Katz and Yehuda Lindell and Philip MacKenzie},
      title = {Universally Composable Password-Based Key Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/196},
      year = {2005},
      url = {https://eprint.iacr.org/2005/196}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.