International Association for Cryptologic Research

CryptoDB

Public-Key Cryptography and Password Protocols: The Multi-User Case

Authors:
Maurizio Kliban Boyarsky
Download:
URL: http://eprint.iacr.org/1999/021
Abstract: The problem of password authentication over an insecure network when the user holds only a human-memorizable password has received much attention in the literature. The first rigorous treatment was provided by Halevi and Krawczyk (ACM CCS, 1998), who studied off-line password guessing attacks in the scenario in which the authentication server possesses a pair of private and public keys. HK's definition of security concentrates on the single-user (and single server) case.

In this work we: (1) Show the inadequacy of both the Halevi-Krawczyk formalization and protocol in the case where there is more than a single user: using a simple and realistic attack, we prove failure of the HK solution in the two-user case. (2) Propose a new definition of security for the multi-user case, expressed in terms of transcripts of the entire system, rather than individual protocol executions. (3) Suggest several ways of achieving this security against both static and dynamic adversaries. In a recent revision of their paper, Halevi and Krawczyk attempted to handle the multi-user case. We expose a weakness in their approach.
BibTeX
@misc{eprint-1999-11341,
  title={Public-Key Cryptography and Password Protocols: The Multi-User Case},
  booktitle={IACR Eprint archive},
  keywords={Password Authentication, Chosen Ciphertext Attacks, Non-Malleability},
  url={http://eprint.iacr.org/1999/021},
  note={Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive. mkboyarsky@yahoo.com 10500 received September 16, 1999. To appear in the 6th ACM Conference on Computer and Communication Security, 1999.},
  author={Maurizio Kliban Boyarsky},
  year=1999
}