Paper 2000/026

Authentication and Key Agreement via Memorable Password

Taekyoung Kwon

Abstract

This paper presents a new password authentication and key agreement protocol, AMP, based on the amplified password idea. The intrinsic problems with password authentication are the password itself has low entropy and the password file is very hard to protect. We present the amplified password proof and the amplified password file for solving these problems. A party commits the high entropy information and amplifies her password with that information in the amplifed password proof. She never shows any information except that she knows it. Our amplified password proof idea is very similar to the zero-knowledge proof in that sense. We adds one more idea; the amplified password file for password file protection. A server stores the amplified verifiers in the amplified password file that is secure against a server file compromise and a dictionary attack. AMP mainly provides the password-verifier based authentication and the Diffie-Hellman based key agreement, securely and efficiently. AMP is easy to generalize in any other cyclic groups. In spite of those plentiful properties, AMP is actually the most efficient protocol among the related protocols due to the simultaneous multiple exponentiation method. Several variants such as AMP^i, AMPn, AMP^n+, AMP+, AMP++, and AMP^c are also proposed. Among them, AMP^n is actually the basic protocol of this paper that describes the amplified password proof idea while AMP is the most complete protocol that adds the amplified password file. AMP^i simply removes the amplified password file from AMP. In the end, we give a comparison to the related protocols in terms of efficiency.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. contribution to the IEEE P1363 study group for future PKC standards
Keywords
authenticationkey agreementpassword guessingpassword verifierpublic-key cryptographydiscrete logarithm problemDiffie-Hellman problemamplified password proofamplified password file
Contact author(s)
tkwon @ cs berkeley edu
ktk @ emerald yonsei ac kr
History
2000-08-23: last of 4 revisions
2000-06-05: received
See all versions
Short URL
https://ia.cr/2000/026
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2000/026,
      author = {Taekyoung Kwon},
      title = {Authentication and Key Agreement via Memorable Password},
      howpublished = {Cryptology ePrint Archive, Paper 2000/026},
      year = {2000},
      note = {\url{https://eprint.iacr.org/2000/026}},
      url = {https://eprint.iacr.org/2000/026}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.