Abstract
We investigate password authenticated key exchange (PAKE) protocols in low resource environments, such as smartcards or mobile devices. In such environments, particularly in the future, it may be that the cryptosystems available for signatures and/or encryptions will be based on elliptic curves, because of their well-known advantages with regard to processing and size constraints. As a result, any PAKE protocols which the device requires should also preferably be implemented over elliptic curves. We show that the direct elliptic curve (EC) analogs of some PAKE protocols are insecure against partition attacks. We go on to propose a new EC based PAKE protocol. A modified version of the protocol for highly constrained devices, such as smartcards, is also presented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In Advances in Cryptology-Eurocrypt’2000, pages 139–155. LNCS vol. 1807, Springer-Verlag, 2000.
Mihir Bellare and Phillip Rogaway. The AuthA protocol for password-based authenticated key exchange. In Submission to IEEE P1363 study group, 2000.
S. Bellovin and M. Merritt. Encrypted key exchange: Password based protocol secure against dictionary attackes. In Proceedings of the Symposium on Security and Privacy, pages 72–84. IEEE, 1992.
V. Boyko, P. MacKenzie, and S. Patel. Provably secure password-authenticated key exchange. In Advances in Cryptology-Eurocrypt’2000, pages 156–171. LNCS vol. 1807, Springer-Verlag, 2000.
D. Jablon. Strong password-only authenticated key exchange. ACM Computer Communication Review, 26(5):5–20, 1996.
S. Patel. Number theoretic attacks on secure password schemes. In Proceedings of the Symposium on Security and Privacy, pages 236–247. IEEE, 1997.
S. Patel. Information Leakege in Encrypted Key Exchange. In Proceedings of the DIMACS Workshop on Network Threats, 1997.
V. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology-Crypto 85, pages 417–426. LNCS vol. 218, Springer-Verlag, 1986.
N. Koblitz. Elliptic curve cryptosystems. Math. Comp., 48:203–209, 1987.
Wireless Application Protocol-Wireless Transport Layer Security Specification, Wireless Application Forum Ltd, 2000.
IEEE P1363 Study Group for Future Public-Key Cryptography Standards. http://grouper.ieee.org/groups/1363/StudyGroup.
Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standard for Financial Services, X9.62, 1998.
I.F. Blake, G. Seroussi and N.P. Smart. Elliptic Curves in Cryptography. LMS Lecture Note Series 265, CUP, 1999.
J.H. Silverman. The Arithmetic of Elliptic Curves. Springer-Verlag, GTM 106, 1986.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boyd, C., Montague, P., Nguyen, K. (2001). Elliptic Curve Based Password Authenticated Key Exchange Protocols. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_38
Download citation
DOI: https://doi.org/10.1007/3-540-47719-5_38
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42300-3
Online ISBN: 978-3-540-47719-8
eBook Packages: Springer Book Archive