International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

SeongHan Shin

Affiliation: AIST

Publications

Year
Venue
Title
2010
EPRINT
Security Proof of AugPAKE
In this paper, we show that the AugPAKE protocol provides the semantic security of session keys under the strong Diffie-Hellman (SDH) assumption in the random oracle model.
2008
EPRINT
A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol
At Indocrypt 2005, Viet et al., [22] have proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction both of which are designed for client's password-based authentication and anonymity against a passive server, who does not deviate the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t > 1, we propose a secure threshold anonymous PAKE (for short, TAP) protocol with the number of clients n upper-bounded, such that n \leq 2 \sqrt{N-1} -1, where N is a dictionary size of passwords. We rigorously prove that the TAP protocol has semantic security of session keys in the random oracle model by showing the reduction to the computational Diffie-Hellman problem. In addition, the TAP protocol provides unconditional anonymity against a passive server. For the threshold t=1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (not threshold) anonymous PAKE protocol [22].
2005
EPRINT
Security Proof of "Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA"
In this paper, we prove the security of the {\sf RSA-AKE} protocol \cite{SKI05} in the random oracle model. The proof states that the {\sf RSA-AKE} protocol is secure against an adversary who gets the client's stored secret \emph{or} the server's RSA private key.\footnote{The protocol is the same as \cite{SKI05}, but we corrected the security proof partially. The attacks appeared in \cite{TM05} are no longer available in the proof since the adversary has access to either the client's stored secret or the server's private key, not both of them.} To our best knowledge, the {\sf RSA-AKE} protocol is the most efficient among their kinds (i.e., RSA and password based AKE protocols). The other security properties and efficiency measurements of the {\sf RSA-AKE} protocol remain the same as in \cite{SKI05}.
2003
ASIACRYPT

Coauthors

Hideki Imai (4)
Kazukuni Kobara (4)