Results 1 
3 of
3
A Framework for PasswordBased Authenticated Key Exchange
 in Cryptology — Eurocrypt 2003, LNCS
, 2003
"... In this paper we present a general framework for passwordbased authenticated key exchange protocols, in the common reference string model. Our protocol is actually an abstraction of the key exchange protocol of Katz et al. and is based on the recently introduced notion of smooth projective hashi ..."
Abstract

Cited by 64 (1 self)
 Add to MetaCart
In this paper we present a general framework for passwordbased authenticated key exchange protocols, in the common reference string model. Our protocol is actually an abstraction of the key exchange protocol of Katz et al. and is based on the recently introduced notion of smooth projective hashing by Cramer and Shoup. We gain a number of benefits from this abstraction. First, we obtain a modular protocol that can be described using just three highlevel cryptographic tools. This allows a simple and intuitive understanding of its security.
Multitrapdoor commitments and their applications to proofs of knowledge secure under concurrent maninthemiddle attacks,” in CRYPTO, 2004. A Cryptographic Assumptions We define the hardness assumptions that we use in the security proof of our optimized
 Similarly, B recovers Wmid(x) and Ymid(x) such that Wmid = Wmid(s) and Ymid = Ymid(s). Then, it sets H(x) = ((v0(x)+V (x))(w0(x)+W(x))−(y0(x)+Y (x)))/t(x), where V (x) = ∑k∈[N] ckvk(x) +Vmid(x) (and similarly for W(x) and Y (x)). Since the
"... Abstract. We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoor commitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, one based on the Strong RSA Assumption and the other on the Strong DiffieHellman Assumpt ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Abstract. We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoor commitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, one based on the Strong RSA Assumption and the other on the Strong DiffieHellman Assumption. The main application of our new notion is the construction of a compiler that takes any proof of knowledge and transforms it into one which is secure against a concurrent maninthemiddle attack (in the common reference string model). When using our specific implementations, this compiler is very efficient (requires no more than four exponentiations) and maintains the round complexity of the original proof of knowledge. The main practical applications of our results are concurrently secure identification protocols. For these applications our results are the first simple and efficient solutions based on the Strong RSA or DiffieHellman Assumption. 1
Forward Secrecy in PasswordOnly Key Exchange Protocols
"... Passwordonly authenticated key exchange (PAKE) protocols are designed to be secure even when users choose short, easilyguessed passwords. Security requires, in particular, that the protocol cannot be broken by an oline dictionary attack in which an adversary enumerates all possible passwords i ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
Passwordonly authenticated key exchange (PAKE) protocols are designed to be secure even when users choose short, easilyguessed passwords. Security requires, in particular, that the protocol cannot be broken by an oline dictionary attack in which an adversary enumerates all possible passwords in an attempt to determine the correct one based on previouslyviewed transcripts. Recently, provablysecure protocols for PAKE were given in the idealized random oracle/ideal cipher models [2, 8, 19] and in the standard model based on general assumptions [11] or the DDH assumption [14]. The latter protocol