摘要：

基于可证明安全的AugPAKE协议，提出一种具有强安全性的三方口令认证密钥交换(3PAKE)协议，协议中避免使用服务器的公钥进行认证，以保证执行效率。安全性分析结果表明，该协议可抵抗字典攻击、服务器泄露攻击等已知攻击，并具有对服务器的密钥保密性以及前向安全性。在随机预言模型下，基于DDH、SDH假设证明了该协议的安全性。

关键词: 口令认证, 密钥交换, 字典攻击, 三方口令认证密钥交换, 随机预言模型

Abstract:

Based on the protocol AugPAKE which has been proven security, this paper proposes a strong security Three-party Password-based Authenticated Key Exchange(3PAKE) protocol, which avoids using the server’s public key to authenticate, and ensures the efficiency. It is proved to be secure against dictionary attacks, server leaked attacks and kinds of known attacks, and also applies key privacy to the server and forward security. The security of the protocol are proved based on Decisional Diffie-Hellman(DDH) problem and Strong Diffie-Hellman(SDH) problem in random oracle model.

Key words: password authentication, key exchange, dictionary attack, Three-party Password-based Authenticated Key Exchange(3PAKE), random oracle model

中图分类号: 

• TP309