Paper 2013/666

An Offline Dictionary Attack against a Three-Party Key Exchange Protocol

Junghyun Nam, Kim-Kwang Raymond Choo, Juryon Paik, and Dongho Won

Abstract

Despite all the research efforts made so far, the design of protocols for password-authenticated key exchange (PAKE) still remains a non-trivial task. One of the major challenges in designing such protocols is to protect low-entropy passwords from the notorious dictionary attacks. In this work, we revisit Abdalla and Pointcheval's three-party PAKE protocol presented in Financial Cryptography 2005, and demonstrate that the protocol is vulnerable to an off-line dictionary attack whereby a malicious client can find out the passwords of other clients.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Password-authenticated key exchange (PAKE)three-party key exchangepassworddictionary attack.
Contact author(s)
jhnam @ kku ac kr
History
2013-10-24: received
Short URL
https://ia.cr/2013/666
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/666,
      author = {Junghyun Nam and Kim-Kwang Raymond Choo and Juryon Paik and Dongho Won},
      title = {An Offline Dictionary Attack against a Three-Party Key Exchange Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2013/666},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/666}},
      url = {https://eprint.iacr.org/2013/666}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.