Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROCRYPT
2000
Springer
2000
Springer
Authenticated Key Exchange Secure against Dictionary Attacks
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with "implicit" authentication) as the "basic" goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
Real-time TrafficAuthenticated Key Exchange | Cryptology | EUROCRYPT 2000 | Password-based Protocols | Possible Passwords |
Related Content
| Added | 24 Aug 2010 |
| Updated | 24 Aug 2010 |
| Type | Conference |
| Year | 2000 |
| Where | EUROCRYPT |
| Authors | Mihir Bellare, David Pointcheval, Phillip Rogaway |
Comments (0)
Researcher Info
|
