New Approaches to Password Authenticated Key Exchange Based on RSA

Abstract

We investigate efficient protocols for password-authenticated key exchange based on the RSA public-key cryptosystem. To date, most of the published protocols for password-authenticated key exchange were based on Diffie-Hellman key exchange. It seems difficult to design efficient password-authenticated key exchange protocols using RSA and other public-key cryptographic techniques. In fact, many of the proposed protocols for password-authenticated key exchange based on RSA have been shown to be insecure; the only one that remains secure is the SNAPI protocol. Unfortunately, the SNAPI protocol has to use a prime public exponent e larger than the RSA modulus n. In this paper, we present a new password-authenticated key exchange protocol, called PEKEP, which allows using both large and small prime numbers as RSA public exponent. Based on number-theoretic techniques, we show that the new protocol is secure against the e-residue attack, a special type of off-line dictionary attack against RSA-based password-authenticated key exchange protocols. We also provide a formal security analysis of PEKEP under the RSA assumption and the random oracle model. On the basis of PEKEP, we present a computationally-efficient key exchange protocol to mitigate the burden on communication entities.KeywordsRandom Oracle ModelModular ExponentiationDictionary AttackPublic ExponentPower ResidueThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.