An offline dictionary attack against Abdalla and Pointcheval's key exchange in the password-only three-party setting
Files
(Published version)
Date
2015
Authors
Nam, J.
Choo, K.K.R.
Paik, J.
Won, D.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2015; E98A(1):424-427
Statement of Responsibility
Conference Name
Abstract
Although password-only authenticated key exchange (PAKE) in the three-party setting has been widely studied in recent years, it remains a challenging area of research. A key challenge in designing three-party PAKE protocols is to prevent insider dictionary attacks, as evidenced by the flaws discovered in many published protocols. In this letter, we revisit Abdalla and Pointcheval's three-party PAKE protocol from FC 2005 and demonstrate that this protocol, named 3PAKE, is vulnerable to a previously unpublished insider offline dictionary attack. Our attack is dependant on the composition of 3PAKE and the higher-level protocol that uses the established session key.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2015 The Institute of Electronics, Information and Communication Engineers