Abstract
We consider the security of the n-party EKE-U and EKE-M protocols proposed by Byun and Lee at ACNS ’05. We show that EKE-U is vulnerable to an impersonation attack, an offline dictionary attack and an undetectable online dictionary attack. Surprisingly, even the strengthened variant recently proposed by the same designers to counter an insider offline dictionary attack by Tang and Chen is equally vulnerable. We also show that neither the original nor the strengthened EKE-M variant provides key privacy, a criterion desired by truly contributory key exchange schemes and recently formalized by Abdalla et al. We discuss ways to protect EKE-U against our attacks and argue that the strengthened EKE-U scheme shows the most potential as a provably secure n-party PAKE.
References
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Baek, J., Kim, K.: Remarks on the Unknown Key-share Attacks. IEICE Transactions on Fundamentals E83-A(12), 2766–2769 (2000)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Provably Secure Key Distribution - the Three Party Case. In: Proc. ACM-SToC 1996, pp. 72–84 (1996)
Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proc. IEEE S&P 1992, pp. 72–84. IEEE Press, Los Alamitos (1992)
Bresson, E., Chevassut, O., Pointcheval, D.: Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 497–514. Springer, Heidelberg (2002)
Byun, J.W., Lee, D.-H.: N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 75–90. Springer, Heidelberg (2005)
Byun, J.W., Lee, D.H.: Comments on Weaknesses in Two Group Diffie-Hellman Key Exchange Protocols. IACR ePrint Archive, 2005/209 (2005)
Choi, J.-G., Sakurai, K., Park, J.-H.: Does It Need Trusted Third Party? Design of Buyer-Seller Watermarking Protocol without Trusted Third Party. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 265–279. Springer, Heidelberg (2003)
Diffie, W., van Oorschot, P., Wiener, M.: Authentication and Authenticated Key Exchanges. Designs, Codes and Cryptography 2(2), 107–125 (1992)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Franklin, M.K., Reiter, M.K.: Fair Exchange with a Semi-trusted Third Party (Extended Abstract). In: Proc. ACM-CCS 1997, pp. 1–5 (1997)
Jablon, D.: Strong Password-only Authenticated Key Exchange. ACM Computer Communications Review 20(5), 5–26 (1996)
Kaliski Jr., B.S.: An Unknown Key-share Attack on the MQV Key Agreement Protocol. ACM Transactions on Information and System Security 4(3), 275–288 (2001)
Katz, J., Shin, J.S.: Modeling Insider Attacks on Group Key-Exchange Protocols. In: Proc. ACM-CCS 2005, pp. 180–189 (2005)
Lin, C.-L., Sun, H.-M., Hwang, T.: Three-Party Encrypted Key Exchange: Attacks and a Solution. ACM Operating Systems Review 34(4), 12–20 (2000)
Lin, C.-L., Sun, H.-M., Steiner, M., Hwang, T.: Three-Party Encrypted Key Exchange Without Server Public-Keys. IEEE Communication Letters 5(12), 497–499 (2001)
Saeednia, S., Safavi-Naini, R.: Efficient Identity-Based Conference Key Distribution Protocols. In: Boyd, C., Dawson, E. (eds.) ACISP 1998. LNCS, vol. 1438, pp. 320–331. Springer, Heidelberg (1998)
Shmatikov, V., Mitchell, J.C.: Finite-state Analysis of Two Contract Signing Protocols. Theoretical Computer Science 283(2), 419–450 (2002)
Steiner, M., Tsudik, G., Waidner, M.: Refinement and Extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)
Tang, Q., Chen, L.: Weaknesses in Two Group Diffie-Hellman Key Exchange Protocols. IACR ePrint Archive, 2005/197 (2005)
Zhou, J., Bao, F., Deng, R.: Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 96–110. Springer, Heidelberg (2003)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Phan, R.C.W., Goi, BM. (2006). Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Zhou, J., Yung, M., Bao, F. (eds) Applied Cryptography and Network Security. ACNS 2006. Lecture Notes in Computer Science, vol 3989. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767480_15
DOI: https://doi.org/10.1007/11767480_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34703-3
Online ISBN: 978-3-540-34704-0
eBook Packages: Computer Science (R0)