Efficient and Strongly Secure Password-based Server Aided Key Exchange

Abstract

In ACNS'06, Cliff, et al. proposed the password-based server aided key exchange (PSAKE) as one of password-based authenticated key exchanges in the three-party setting (3-party PAKE) in which two clients with different passwords exchange a session key with the help of their corresponding server. Though they also studied a strong security definition of the 3-party PAKE, their security model is not strong enough because there are desirable security properties which cannot be captured. In this paper, we define a new formal security model of the 3-party PAKE which is stronger than the previous model. Our model captures all known desirable security requirements of the 3-party PAKE, like the resistance to key-compromise impersonation, to the leakage of ephemeral private keys of servers and to the undetectable on-line dictionary attack. Also, we propose a new scheme as an improvement of PSAKE with the optimal number of rounds for a client, which is secure in the sense of our model.