一个前向安全的基于口令认证的三方密钥交换协议

目前,文献中提出的基于口令认证的密钥交换协议,很多都是针对两方的情形设计的,即通信双方为客户与服务器,它们通过一个预先共享的口令来进行认证的密钥交换.随着现代通信环境的快速变化,需要能为任意客户间构建一个端到端的安全信道,这种应用的情形与那些文献中所考虑的有很大区别.针对这种情形,文中提出了一个可证前向安全的基于口令认证的三方密钥交换协议,使通信双方在认证服务器的帮助下能相互进行认证并建立一个会话密钥.与前人提出的基于口令认证的三方密钥交换协议相比,该协议在计算代价和通信代价上都较有效,因而更适用于资源受限的环境.此协议的安全性是在口令型的选择基Gap Diffie-Hellman问题难解的假设前提下在随机谕示模型下证明的.

Three-Party Password-Based Authenticated Key Exchange with Forward-Security

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password.With a rapid change in modern communication environments,it is necessary to construct a secure end-to-end channel between clients,which is a quite different paradigm from the existing ones.The authors propose a provably forward-secure three-party password-based authenticated key exchange protocol in which two communication entities can authenticate each other and establish a session key through the assistance of an authentication server.The proposed protocol is efficient both in computational cost and in communication cost when compared with previous solutions and thus attractive in resources-constrained environment.The security of the proposed scheme has been proven in the random oracle model under the password chosen-basis Gap Diffie-Hellman assumption.