International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Authentication and Key Agreement via Memorable Password

Taekyoung Kwon
Search ePrint
Search Google
Abstract: This paper presents a new password authentication and key agreement protocol, AMP, based on the amplified password idea. The intrinsic problems with password authentication are the password itself has low entropy and the password file is very hard to protect. We present the amplified password proof and the amplified password file for solving these problems. A party commits the high entropy information and amplifies her password with that information in the amplifed password proof. She never shows any information except that she knows it. Our amplified password proof idea is very similar to the zero-knowledge proof in that sense. We adds one more idea; the amplified password file for password file protection. A server stores the amplified verifiers in the amplified password file that is secure against a server file compromise and a dictionary attack. AMP mainly provides the password-verifier based authentication and the Diffie-Hellman based key agreement, securely and efficiently. AMP is easy to generalize in any other cyclic groups. In spite of those plentiful properties, AMP is actually the most efficient protocol among the related protocols due to the simultaneous multiple exponentiation method. Several variants such as AMP^i, AMPn, AMP^n+, AMP+, AMP++, and AMP^c are also proposed. Among them, AMP^n is actually the basic protocol of this paper that describes the amplified password proof idea while AMP is the most complete protocol that adds the amplified password file. AMP^i simply removes the amplified password file from AMP. In the end, we give a comparison to the related protocols in terms of efficiency.
  title={Authentication and Key Agreement via Memorable Password},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / authentication, key agreement, password guessing, password verifier, public-key cryptography, discrete logarithm problem, Diffie-Hellman problem, amplified password proof, amplified password file},
  note={contribution to the IEEE P1363 study group for future PKC standards or 11192 received 5 Jun 2000, revised 29 Jul 2000, revised 29 Jul 2000, revised 10 Aug 2000, revised 23 Aug 2000},
  author={Taekyoung Kwon},