Session-key generation using human passwords only

Oded Goldreich; Yehuda Lindell

doi:10.1007/s00145-006-0233-z

Session-key generation using human passwords only

Oded Goldreich, Yehuda Lindell

Department of Computer Science

Weizmann Institute of Science

Research output: Contribution to journal › Article › peer-review

42 Scopus citations

Abstract

We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and there is no additional set-up assumption in the network. Our protocol is proven secure under the assumption that enhanced trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert, and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable with an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A." We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional set-up assumptions.

Original language	English
Pages (from-to)	241-340
Number of pages	100
Journal	Journal of Cryptology
Volume	19
Issue number	3
DOIs	https://doi.org/10.1007/s00145-006-0233-z
State	Published - Jul 2006

Access to Document

10.1007/s00145-006-0233-z

Cite this

@article{2fd42f65044e4d50984d63211bbf1c8f,

title = "Session-key generation using human passwords only",

abstract = "We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and there is no additional set-up assumption in the network. Our protocol is proven secure under the assumption that enhanced trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert, and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable with an attack in which an adversary is only allowed to make a constant number of queries of the form {"}is w the password of Party A.{"} We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional set-up assumptions.",

author = "Oded Goldreich and Yehuda Lindell",

year = "2006",

month = jul,

doi = "10.1007/s00145-006-0233-z",

language = "אנגלית",

volume = "19",

pages = "241--340",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "3",

}

TY - JOUR

T1 - Session-key generation using human passwords only

AU - Goldreich, Oded

AU - Lindell, Yehuda

PY - 2006/7

Y1 - 2006/7

N2 - We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and there is no additional set-up assumption in the network. Our protocol is proven secure under the assumption that enhanced trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert, and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable with an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A." We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional set-up assumptions.

AB - We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and there is no additional set-up assumption in the network. Our protocol is proven secure under the assumption that enhanced trapdoor permutations exist. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert, and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable with an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A." We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not known whether or not such protocols were attainable without the use of random oracles or additional set-up assumptions.

UR - http://www.scopus.com/inward/record.url?scp=33745184723&partnerID=8YFLogxK

U2 - 10.1007/s00145-006-0233-z

DO - 10.1007/s00145-006-0233-z

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:33745184723

SN - 0933-2790

VL - 19

SP - 241

EP - 340

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 3

ER -

Session-key generation using human passwords only

Abstract

Access to Document

Other files and links

Fingerprint

Cite this