Password-Authenticated Key Agreement

A PAKE protocol, first introduced by Bellovin and Merritt, is a special form of cryptographic key exchange protocol. Key exchange (or "key agreement") protocols are designed to let two parties (conventionally called the client and the server) agree on a shared key using public-key cryptography. The earliest key exchange protocols, such as classic Diffie-Hellman, were unauthenticated, which leaves them vulnerable to man-in-the-middle attacks. The distinguishing feature of PAKE protocols is that the client authenticates itself to the server with a password. It is assumed that the password, or a hash of it, is already known to the server so that it can be verified. The first successful password-authenticated key agreement methods were the Encrypted Key Exchange (EKE) methods described in 1992 by Steven M. Bellovin and Michael Merritt. Although some of the early methods were flawed, the surviving and extended forms of EKE effectively amplify a shared password into a shared key, which can then be used to encrypt and/or authenticate messages. The first provably secure PAKE protocols appeared in the work of M. Bellare, D. Pointcheval and P. Rogaway (Eurocrypt 2000) and V. Boyko, P. MacKenzie and S. Patel (Eurocrypt 2000). These protocols were proven secure in the so-called random oracle model (or even stronger variants); the first protocols proven secure under standard assumptions were those of O. Goldreich and Y. Lindell (Crypto 2001), which serves as a plausibility result but is not efficient, and J. Katz, R. Ostrovsky and M. Yung (Eurocrypt 2001), which is practical. The first password-authenticated key retrieval methods were described by Ford and Kaliski in 2000.

A client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with authenticated key agreement between two clients in different realms who share their passwords only with their own servers. Recently, Byun et al. [13] proposed an efficient C2C-PAKA protocol and presented a proof of its claimed security in a formal communication model with specified adversary capabilities.
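The two points made above, that an unauthenticated Diffie-Hellman exchange falls to a man-in-the-middle and that an EKE-style exchange turns a shared password into a shared key the attacker cannot obtain, as an added Python example that is not part of the original article. The 61-bit group, the use of SHA-256 in place of a proper password KDF, the XOR-based "cipher" standing in for EKE's symmetric encryption of group elements, and the key-confirmation MACs are all assumptions made for readability; none of them is a secure construction.

```python
"""EKE-style password-authenticated exchange versus plain Diffie-Hellman.

Illustrative example added to this article, not code from the original
page. ASSUMPTIONS (toy, not secure): a 61-bit group, SHA-256 in place of a
real password KDF, and a keyed XOR standing in for the symmetric cipher
that EKE uses to encrypt group elements under the password.
"""
import hashlib
import hmac
import secrets

P = 2**61 - 1   # Mersenne prime; a toy modulus chosen so values fit in 8 bytes
G = 2           # base for the exponentiation


def dh_keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """Session key = H(peer_pub^priv mod P)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(8, "big")).digest()


def unauthenticated_dh_with_mitm():
    """Plain DH: Mallory swaps both public values for her own value M.

    Returns (Mallory shares the client's key, Mallory shares the server's
    key, client and server ended up with different keys).
    """
    a, A = dh_keypair()      # client
    b, B = dh_keypair()      # server
    m, M = dh_keypair()      # Mallory, in the middle
    k_client = dh_shared(a, M)   # client believes M came from the server
    k_server = dh_shared(b, M)   # server believes M came from the client
    return (k_client == dh_shared(m, A),
            k_server == dh_shared(m, B),
            k_client != k_server)


def pw_key(password: bytes) -> bytes:
    """Password-derived key (assumption: plain SHA-256 instead of a slow KDF)."""
    return hashlib.sha256(b"eke-toy|" + password).digest()


def mask(password: bytes, data: bytes, tag: bytes) -> bytes:
    """Toy symmetric 'cipher': XOR with a password-keyed stream. Applying it
    twice with the same password and tag restores the data."""
    stream = hashlib.sha256(pw_key(password) + tag).digest()[: len(data)]
    return bytes(x ^ y for x, y in zip(data, stream))


def eke_exchange(client_pw: bytes, server_pw: bytes, mitm: bool) -> bool:
    """One EKE-style run: the DH values travel encrypted under the password
    and the session key is confirmed with a MAC over the transcript.

    Returns True only if both client and server accept.
    """
    a, A = dh_keypair()
    b, B = dh_keypair()
    c1 = mask(client_pw, A.to_bytes(8, "big"), b"client")   # client -> server
    c2 = mask(server_pw, B.to_bytes(8, "big"), b"server")   # server -> client
    if mitm:
        # Mallory replaces both messages with her own DH value, but she can
        # only encrypt it under a guessed password (assumed wrong here).
        _, M = dh_keypair()
        c1 = mask(b"guess", M.to_bytes(8, "big"), b"client")
        c2 = mask(b"guess", M.to_bytes(8, "big"), b"server")
    # Each side removes the password layer with ITS OWN password; a wrong
    # password (or Mallory's substitution) yields an unrelated group element.
    server_view = int.from_bytes(mask(server_pw, c1, b"client"), "big")
    client_view = int.from_bytes(mask(client_pw, c2, b"server"), "big")
    k_server = dh_shared(b, server_view)
    k_client = dh_shared(a, client_view)
    # Explicit key confirmation, bound to the transcript each party saw.
    transcript = c1 + c2

    def confirm(key: bytes, role: bytes) -> bytes:
        return hmac.new(key, role + transcript, "sha256").digest()

    client_accepts = hmac.compare_digest(confirm(k_server, b"S"), confirm(k_client, b"S"))
    server_accepts = hmac.compare_digest(confirm(k_client, b"C"), confirm(k_server, b"C"))
    return client_accepts and server_accepts


if __name__ == "__main__":
    print("plain DH, Mallory holds both keys:", unauthenticated_dh_with_mitm())
    print("EKE, same password:", eke_exchange(b"correct horse", b"correct horse", mitm=False))
    print("EKE, wrong password:", eke_exchange(b"correct horse", b"battery staple", mitm=False))
    print("EKE, Mallory in the middle:", eke_exchange(b"correct horse", b"correct horse", mitm=True))
```

In the plain DH run Mallory ends up holding a key in common with each side and can relay and read everything. In the EKE-style run her substituted values are unmasked under a password she does not have, so neither party derives a key she knows and the confirmation MACs disagree; the same mechanism rejects a client whose password does not match the server's. What the toy does not reproduce is the property that makes EKE resist offline dictionary attacks: in Bellovin and Merritt's construction the encrypted group elements must look uniformly random under every candidate password, so a recorded transcript gives an attacker no way to test guesses; a simple XOR stream and an unpadded 61-bit element do not guarantee that.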

In this article we show that the protocol is insecure against a password-compromise impersonation attack and that the claim of provable security is seriously flawed. Tracing the source of these results, we find fatal flaws in Byun et al.'s security model and security proof. We then modify the formal security model and the corresponding security definitions. In addition, a new cross-realm C2C-PAKA protocol is presented, together with a proof of security.

Password-authenticated key agreement generally encompasses methods such as:

The OPAQUE protocol is based on an older idea due to Gentry, MacKenzie and Ramzan.