Encrypted key exchange: password-based protocols secure against dictionary attacks
04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >
Citations
More filters
13 Apr 2003
TL;DR: An algorithm which speeds scalar multiplication on a general elliptic curve by an estimated 3.8% to 8.5% over the best known general methods when using affine coordinates is presented.
Abstract: We present an algorithm which speeds scalar multiplication on a general elliptic curve by an estimated 3.8% to 8.5% over the best known general methods when using affine coordinates. This is achieved by eliminating a field multiplication when we compute 2P +Q from given points P, Q on the curve. We give applications to simultaneous multiple scalar multiplication and to the Elliptic Curve Method of factorization. We show how this improvement together with another idea can speed the computation of the Weil and Tate pairings by up to 7.8%.
19 citations
01 Nov 2013
TL;DR: This paper shows that the 3PAKE protocol introduced by Chang, Hwang, and Yang is insecure against even passive attackers, and proposes two kinds of improvement that can remedy the security flaw in their protocol.
Abstract: Three-party password-authenticated key exchange (3PAKE) protocols allow two clients to establish secure communication channels over a public network merely by sharing a human-memorable (low-entropy) password with a trusted server. In this paper, we first show that the 3PAKE protocol introduced by Chang, Hwang, and Yang is insecure against even passive attackers. Thereafter, we propose two kinds of improvement that can remedy the security flaw in their protocol. Finally, we present simulations to measure the execution time to show the efficiency of our two improvements.
19 citations
Patent•
IBM1
TL;DR: In this paper, a content provider generates a first key which is used to encrypt a second key where the second key will only be encrypted if the user has a one-time password.
Abstract: A method for allowing a content provider to restrict access to data without having to trust a service provider. With this invention a content provider is able to restrict access to data to a specific client using a specific machine. A content provider generates a first key which is used to encrypt a second key where the second key will only be encrypted if the user has a one-time password. The encrypted second key is then stored on the client machine. When the user desires to access the data of the content provider, the second key is decrypted and used to access the data.
19 citations
03 Dec 2012
TL;DR: BetterAuth addresses existing attacks on Web authentication, ranging from network attacks to Cross-site Request Forgery up to Phishing, and can be realized completely in standard JavaScript, allowing Web applications an early adoption, even in a situation with limited browser support.
Abstract: This paper presents "BetterAuth", an authentication protocol for Web applications. Its design is based on the experiences of two decades with the Web. BetterAuth addresses existing attacks on Web authentication, ranging from network attacks to Cross-site Request Forgery up to Phishing. Furthermore, the protocol can be realized completely in standard JavaScript. This allows Web applications an early adoption, even in a situation with limited browser support.
19 citations
TL;DR: A solution of providing the legitimacy and authenticity of freely shared and published online digital data, e.g., digital certificates, cryptographic keys, and common reference strings such as shared passwords using a mix of recently developed innovations which primary include blockchain, smart contract, InterPlanetary File System (IPFS), and quantum-resistant Password-based Authenticated Key Exchange (PAKE) protocol over rings and ideal lattices is presented.
Abstract: Ethereum is a public, open-source, decentralized, and peer-to-peer blockchain-based computing network which is involving to the usefulness of smart contract. It gives a distributed Turing-complete virtual machine in which some codes can be executed by utilizing a worldwide and public network of nodes. The compelled certificate creation and Man-In-The-Middle (MITM) attacks are two major attacks on End-to-End Encryption (EEE) and SSL/TLS. A portion of the real attacks on end-to-end encryption and SSL/TLS is IP/ARP poisoning and the phishing attack. MITM attack makes the client difficult to understand, whether they are associated with a unique verified and secured connection or not. Since the certificate and public-key that is being passed during the connection setup is unreliable and insecure, the attacker can undoubtedly change the data in the certificate and leaves the endorsement of the certificate and public-key to the client. The purpose of this paper is to present a solution of providing the legitimacy and authenticity of freely shared and published online digital data, e.g., digital certificates, cryptographic keys, and common reference strings such as shared passwords using a mix of recently developed innovations which primary include blockchain, smart contract, InterPlanetary File System (IPFS), and quantum-resistant Password-based Authenticated Key Exchange (PAKE) protocol over rings and ideal lattices. Ethereum smart contract is utilized to manage, surveil, and give detectability and visibility into the history of digital data from its beginning to the most recent variant, in a way that it is decentralized and internationally accessed with high integrity, resiliency, and transparency, that we should thank to the immutability and irreversibility of the blockchain. The full code of our smart contract is given, with a discourse on the execution and testing of its key functionalities.
19 citations
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
7,514 citations
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
2,351 citations
Book•
01 Jan 1982TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface)
Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data.
Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further.
Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]