Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
82 citations
Cites methods from "Encrypted key exchange: password-ba..."
...The EKE protocol [ 3 ] then inspired a number of others (e.g., SPEKE [15]; SRP [28]; see also [17])....
[...]
...The EKE protocol [Bellovin and Merritt 1992] then inspired a number of others (e.g., SPEKE [Jablon 1996]; SRP [Wu 1998]; see also Kaufman et al. [2002])....
[...]
82 citations
82 citations
Cites background from "Encrypted key exchange: password-ba..."
...The phrase “execute key agreement” can indicate either Bellovin-Merritt (Bellovin & Merritt 1992), PAK (MacKenzie 2002), or any other secure password-based symmetric mutual authentication....
[...]
...There are now several protocols available that deliver distinct services in various security models, including (Bellovin & Merritt 1992, Gong, Lomas, Needham & Saltzer 1993, Gong 1995, Ford & B. Kaliski 2000, Kaufmann & Perlman 2001, Kwon 2001, MacKenzie 2001, Jiang & Gong 2004, Zhang 2004, Nguyen…...
[...]
...This is explained further in Appendix B. Bellovin and Merritt also give an application of PAKE to secure public encrypted phones (Bellovin & Merritt 1992)....
[...]
...Sometimes the server-file is public (as in UNIX), and sometimes private (as in Bellovin-Merritt (Bellovin & Merritt 1992))....
[...]
...In particular, the Ω-method of Gentry, MacKenzie and Ramzan, is combined with the Bellovin-Merritt protocol to provide mutual authentication (in the random oracle model (Canetti, Goldreich & Halevi 2004, Bellare, Boldyreva & Palacio 2004, Maurer, Renner & Holenstein 2004))....
[...]
80 citations
80 citations
Cites background from "Encrypted key exchange: password-ba..."
...This problem, password authenticated key exchange, comes from papers by Bellovin and Merrit ( [1], [2]) which proposed the first solutions....
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]