Research on Password-Authenticated Group Key Exchange
Jeong Ok Kwon, Ik Rae Jeong, and Dong Hoon Lee (CIST, Korea Univ.)
Kouchi Sakurai (Kyushu Univ.)
March 5, 2006

Motivation
[Figure: two parties sharing a session key sk to protect data privacy/integrity]
• A fundamental problem in cryptography is how to communicate securely over an insecure channel.
Motivation
How can we obtain a secret session key?
• Public-key encryption or signature
  • cost too high for certain applications
• Password-Authenticated Key Exchange (PAKE)
  • PAKE allows specified parties to share a secret key using just a human-memorable password.
  • convenience, mobility, and less hardware requirement
  • no security infrastructure
Our research topic on PAKE
- Password-Authenticated Group Key Exchange (PAGKE) -
PAGKE: Setting
[Figure: four users, each holding a password pw, forming a group with a shared session key sk]
• A broadcast group consisting of a set of users
• each user holds a low-entropy secret (pw)
Previous Works
• "Efficient Password-Based Group Key Exchange" (TrustBus '04) - S. M. Lee, J. Y. Hwang, and D. H. Lee.
  • a provably secure constant-round PAGKE protocol
  • forward-secure and secure against known-key attacks
  • ideal-cipher and ideal-hash assumptions
• "Password-based Group Key Exchange in a Constant Number of Rounds" (PKC '06) - M. Abdalla, E. Bresson, O. Chevassut, and D. Pointcheval.
  • a provably secure constant-round PAGKE protocol
  • secure against known-key attacks
  • ideal-cipher and ideal-hash assumptions
Our Goal
• The focus of this work is to provide a provably-secure constant-round PAGKE protocol without using the random oracle model.
Preliminaries for the protocol
• Public information
  • G : a finite cyclic group of order q
  • p : a safe prime such that p = 2q + 1
  • g1, g2 : generators of G
  • H : a one-way hash function
  • F : a pseudo-random function family
Burmester and Desmedt's Protocol
[Figure: users U1, U2, U3, U4 exchanging messages in rounds R1 and R2]
M. Burmester and Y. Desmedt. "A Secure and Efficient Conference Key Distribution System," In Proc. of EUROCRYPT '94.
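The two-round Burmester-Desmedt exchange cited on this slide, as an added Python example (not code from the slides or the authors). The small safe prime p = 2039, q = 1019 and the generator are constructed demonstration parameters; the code shows why every user ends with the same key g^(r1 r2 + r2 r3 + ... + rn r1). Note that BD by itself carries no authentication, which is the gap the password-authenticated protocol on these slides addresses.

```python
import secrets

# Constructed demonstration parameters (not from the slides): p = 2q + 1 is a
# small safe prime and g generates the order-q subgroup of Z_p^*. Real
# deployments use a p of 2048 bits or more.
P = 2039
Q = 1019
G = pow(2, 2, P)  # a square of a non-identity element lies in the order-q subgroup


def bd_round1(r, p=P, g=G):
    """Round 1: every user U_i broadcasts z_i = g^{r_i}."""
    return [pow(g, ri, p) for ri in r]


def bd_round2(r, z, p=P):
    """Round 2: every user U_i broadcasts X_i = (z_{i+1} / z_{i-1})^{r_i}."""
    n = len(r)
    return [pow(z[(i + 1) % n] * pow(z[(i - 1) % n], -1, p) % p, r[i], p)
            for i in range(n)]


def bd_key(i, ri, z, x, p=P):
    """U_i's key: z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^1."""
    n = len(z)
    k = pow(z[(i - 1) % n], n * ri, p)
    for j in range(n - 1):
        k = k * pow(x[(i + j) % n], n - 1 - j, p) % p
    return k


def bd_group_key(r, p=P, g=G):
    """Run both rounds for secret exponents r and return each user's key."""
    z = bd_round1(r, p, g)
    x = bd_round2(r, z, p)
    return [bd_key(i, r[i], z, x, p) for i in range(len(r))]


def expected_key(r, p=P, g=G, q=Q):
    """Reference value g^{r_1 r_2 + r_2 r_3 + ... + r_n r_1}, from all secrets."""
    n = len(r)
    return pow(g, sum(r[i] * r[(i + 1) % n] for i in range(n)) % q, p)


def run_demo(n=4):
    """Fresh random exponents; returns (per-user keys, reference key)."""
    r = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    return bd_group_key(r), expected_key(r)
```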
Proposed Protocol
[Figure: users U1, U2, U3, U4 exchanging messages in rounds R1 and R2]
Security Measurement
• Security theorem, stated in terms of the following parameters:
  • t : the maximum total game time, including the adversary's running time
  • qex, qse : the numbers of execute-queries and send-queries the adversary makes
  • n : the upper bound on the number of parties in the game
  • Ns : the upper bound on the number of sessions the adversary creates
  • |PW| : the size of the password space
• Under the intractability assumption of the DDH problem, and if F is a secure pseudo-random function family, the proposed protocol is secure against dictionary attacks and known-key attacks, and provides forward secrecy.
Thank you!
Jeong Ok Kwon (pitapat@korea.ac.kr)