Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Phan, Raphaël C.‐W.; Goi, Bok‐Min

doi:10.1007/11941378_9

Cited by 22 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the Corrupt query [14,15], or improperly defining the adversarial game [10] may result in a security proof that fails to capture valid attacks (see [10,14,15,32,33] for more details).…”

Section: Related Workmentioning

confidence: 99%

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Phan

Yau

Goi

2008

Information Sciences

Self Cite

View full text Add to dashboard Cite

“…the Corrupt query [14,15], or improperly defining the adversarial game [10] may result in a security proof that fails to capture valid attacks (see [10,14,15,32,33] for more details).…”

Section: Related Workmentioning

confidence: 99%

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Phan

Yau

Goi

2008

Information Sciences

Self Cite

View full text Add to dashboard Cite

“…For example, Steiner et al's, Abdalla et al's [3], Byun et al's [4] and Yin et al's [5] protocols cannot resist the password guessing attacks [6] [7]. Lin et al [8] and Ding et al [9] thought that the password guessing attacks have three classes:…”

Section: Introductionmentioning

confidence: 99%

“…Since it is widely used to send secret messages using the session key among parties over an insecure public network, therefore, lots of key exchange protocols have been proposed [3][4][5][6][7][8].…”

Section: Introductionmentioning

confidence: 99%

Improvement of a Three-party Key Exchange Protocol

Lin

Xie

2009

2009 Second Pacific-Asia Conference on Web Mining and Web-Based Application

View full text Add to dashboard Cite

Recently ， Lu and Cao proposed a novel threeparty key exchange protocol. Guo et al pointed out that their protocol cannot resist man-in-the-middle attack and undetectable on-line dictionary attack, and then an improved protocol was proposed in 2008.However, we show that Guo et al's protocol is still vulnerable to undetectable on-line dictionary attack. To overcome the security flaw, an improved scheme is proposed.

show abstract

“…However, S. Wang et al subsequently found the protocol due to Byun et al was insecure [22]. Later, two schemes for password-authenticated key establishment in a cross-realm setting were proposed in [24,25] but both of them were still pointed out to be insecure in [26]. To the best of our knowledge, no more work address the problem in the cross-realm setting and achieves provable security.…”

Section: Introductionmentioning

confidence: 99%

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

Zhu

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The area of password-based authenticated key exchange protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. AuthA is an example of such a technology considered for standardization by the IEEE P1363.2 working group. Unfortunately in its current form AuthA, including some variants, only considered the classic client and server (2-party) scenarios. In this paper, based on a variant of AuthA, we consider a quite different paradigm from the existing ones and propose a provably secure password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In our protocol, any honest server is unable to gain any information on the value of that session key. Moreover, our protocol is reasonably efficient and has a per-user computational cost that is comparable to that of the underlying 2-party encrypted key exchange.

show abstract

Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Cited by 22 publications

References 27 publications

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Improvement of a Three-party Key Exchange Protocol

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

Contact Info

Product

Resources

About