Abstract

Two-server password-authenticated key exchange (PAKE) allows a client to split a low-entropy password into two pieces and store one piece on each of two servers; the two servers then collaboratively authenticate the client and establish session keys. Even if one of the two servers is corrupted, the password is guaranteed to remain secure. In 2014, Yi et al. proposed a compiler that transforms any two-party PAKE protocol into a two-server PAKE protocol using an identity-based public-key encryption scheme in the standard model, and claimed that the resulting scheme is provably secure in a relevant formal model. In this letter, we point out a related-key attack on their scheme: when one server is corrupted, the adversary can derive the fresh session key shared by the two remaining honest parties. In addition, we suggest a simple patch that avoids this weakness.
