Provably secure threshold password-authenticated key exchange

Mario Di Raimondo, Rosario Gennaro
2006 Journal of computer and system sciences (Print)  
We present two protocols for threshold password authenticated key exchange. In this model for password authentication, the password is not stored in a single authenticating server but rather shared among a set of n servers so that an adversary can learn the password only by breaking into t + 1 of them. The protocols require n > 3t servers to work. The goal is to protect the password against hackers attacks that can break into the authenticating server and steal password information. All known
more » ... ntralized password authentication schemes are susceptible to such an attack. Ours are the first protocols which are provably secure in the standard model (i.e. no random oracles are used for the proof of security). Moreover our protocols are reasonably efficient and implementable in practice. In particular a goal of the design was to avoid costly zero-knowledge proofs to keep interaction to a minimum.
doi:10.1016/j.jcss.2006.02.002 fatcat:qln6x7tk5fcedjfy5tnyxu3u4a