Password-authenticated key agreement – Wikipedia

In cryptography, a password-authenticated key agreement method is an synergistic method acting for two or more parties to establish cryptanalytic keys based on one or more party ‘s cognition of a password. An important place is that an eavesdropper or man-in-the-middle can not obtain adequate data to be able to brute-force guess a password without promote interactions with the parties for each ( few ) guesses. This means that strong security can be obtained using fallible passwords .

Types [edit ]

Password-authenticated key agreement broadly encompasses methods such as :

  • Balanced password-authenticated key exchange
  • Augmented password-authenticated key exchange
  • Password-authenticated key retrieval
  • Multi-server methods
  • Multi-party methods

In the most rigorous password-only security models, there is no prerequisite for the drug user of the method to remember any mystery or public data other than the password.

Password authenticated key exchange ( PAKE ) is where two or more parties, based only on their cognition of a shared password, [ 1 ] establish a cryptanalytic key using an exchange of messages, such that an unauthorized party ( one who controls the communication channel but does not possess the password ) can not participate in the method acting and is constrained american samoa a lot as potential from brute-force guessing the password. ( The optimum case yields precisely one guess per guide exchange. ) Two forms of PAKE are Balanced and Augmented methods. [ 1 ]

Balanced PAKE [edit ]

Balanced PAKE assumes the two parties in either a client-client or client-server position use the same secret password to negotiate and authenticate a shared samara. [ 1 ] Examples of these are :

  • Encrypted Key Exchange (EKE)
  • PAK and PPK[2]
  • SPEKE (Simple password exponential key exchange)
  • Elliptic Curve based Secure Remote Password protocol (EC-SRP or SRP5)[3] There is a free Java card implementation.[4]
  • Dragonfly – IEEE Std 802.11-2012, RFC 5931, RFC 6617
  • CPace[5]
  • SPAKE1 and SPAKE2[6][7]
  • SESPAKE – RFC 8133
  • J-PAKE (Password Authenticated Key Exchange by Juggling) – ISO/IEC 11770-4 (2017), RFC 8236
  • ITU-T Recommendation X.1035
  • “Advanced modular handshake for key agreement and optional authentication”[8]

Augmented PAKE [edit ]

Augmented PAKE is a version applicable to client/server scenarios, in which the waiter does not store password-equivalent data. This means that an attacker that stole the server data still can not masquerade as the node unless they first perform a beast force search for the password. Some augment PAKE systems use a oblivious pseudorandom function to mix the drug user ‘s mystery password with the server ‘s mysterious salt value, so that the drug user never learns the waiter ‘s secret salt value and the server never learns the user ‘s password ( or password-equivalent value ) or the final key. [ 9 ] Examples include :

  • AMP
  • Augmented-EKE
  • PAK-X[2]
  • SRP[a]
  • AugPAKE[11]
  • OPAQUE[12]
  • AuCPace[13]
  • SPAKE2+[14]
  • “Advanced modular handshake for key agreement and optional authentication”[8]

Key retrieval [edit ]

Password-authenticated key retrieval is a work in which a customer obtains a static key in a password-based negotiation with a server that knows data associated with the password, such as the Ford and Kaliski methods. In the most rigorous arrange, one party uses entirely a password in concurrence with N ( two or more ) servers to retrieve a static key. This is completed in a way that protects the password ( and key ) even if N − 1 of the servers are wholly compromised.

abbreviated history [edit ]

The beginning successful password-authenticated key agreement methods were Encrypted Key Exchange methods described by Steven M. Bellovin and Michael Merritt in 1992. Although several of the first gear methods were flawed, the surviving and enhanced forms of EKE effectively amplify a share password into a shared key, which can then be used for encoding and/or message authentication. The foremost provably-secure PAKE protocols were given in work by M. Bellare, D. Pointcheval, and P. Rogaway ( Eurocrypt 2000 ) and V. Boyko, P. MacKenzie, and S. Patel ( Eurocrypt 2000 ). These protocols were prove secure in the alleged random oracle model ( or even stronger variants ), and the first protocols prove secure under standard assumptions were those of O. Goldreich and Y. Lindell ( Crypto 2001 ) which serves as a plausibility proof but is not efficient, and J. Katz, R. Ostrovsky, and M. Yung ( Eurocrypt 2001 ) which is practical. The first password-authenticated key recovery methods were described by Ford and Kaliski in 2000. A considerable number of alternative, guarantee PAKE protocols were given in bring by M. Bellare, D. Pointcheval, and P. Rogaway, variations, and security proofs have been proposed in this growing class of password-authenticated key agreement methods. current standards for these methods include IETF RFC 2945, RFC 5054, RFC 5931, RFC 5998, RFC 6124, RFC 6617, RFC 6628 and RFC 6631, IEEE Std 1363.2-2008, ITU-T X.1035 and ISO-IEC 11770-4:2006 .

PAKE survival work for use in internet protocols [edit ]

On request of the internet engineer job force IETF, a PAKE choice process has been carried out in 2018 and 2019 by the IRTF crypto forum research group ( CFRG ). The choice action has been carried out in several rounds. [ 15 ] In the final round in 2019 four finalists AuCPace, OPAQUE ( augmented cases ) and CPace, SPAKE2 ( poise PAKE ) prevailed. As a leave of the CFRG choice process, two achiever protocols were declared as “ recommended by the CFRG for custom in IETF protocols ” : CPace and OPAQUE. [ 16 ]

See besides [edit ]

References [edit ]

  1. ^[10] Designed to be not encumbered by patents .

foster read [edit ]

reference :
Category : crypto topics

Leave a Reply

Your email address will not be published.