Authors: Yukou Kobayashi 1; Naoto Yanai 2; Kazuki Yoneyama 3; Takashi Nishide 1; Goichiro Hanaoka 4; Kwangjo Kim 5 and Eiji Okamoto 1
Affiliations: 1 University of Tsukuba, Japan; 2 Osaka University, Japan; 3 Ibaraki University, Japan; 4 National Institute of Advanced Industrial Science and Technology, Japan; 5 Korea Advanced Institute of Science and Technology, Korea, Republic of
Keyword(s): Password-based Authenticated Key Exchange (PAKE), Threshold Cryptography.
Related Ontology Subjects/Areas/Topics: Identification, Authentication and Non-Repudiation; Information and Systems Security; Insider Threats and Countermeasures; Security in Distributed Systems; Security Protocols; Security Verification and Validation
Abstract: Password-based Authenticated Key Exchange (PAKE) allows a server to authenticate a user and to establish a session key shared between the server and the user just by having memorable passwords. In PAKE, conventionally the server is assumed to have the authentication functionality and also provide on-line services simultaneously. However, in the real-life applications, this may not be the case, and the authentication server may be separate from on-line service providers. In such a case, there is a problem that a malicious service provider with no authentication functionality may be able to guess the passwords by interacting with other participants repeatedly. Abdalla et al. put forward a notion of the server password protection security to deal with this problem. However, their proposed schemes turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). To cope with this situation, we propose the Gateway Threshold PAKE provably secure against this password guessing attack by also taking the corruption of authentication servers into consideration.