An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model  

作　　者：Fushan WEI Jianfeng MA Ruijie ZHANG Chuangui MA Xuan WANG 

机构地区：[1]State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an 710071, China [2]State Key Laboratory of Mathematical Engineering and Advanced Computing, The PLA Information Engineering University, Zhengzhou 450001, China [3]Engineering University of CAPF, Xi'an 710078, China

出　　处：《Science China(Information Sciences)》2017年第7期126-139,共14页中国科学（信息科学）（英文版）

基　　金：funded by National High Technology Research and Development Program of China (863 Program) (Grant No. 2015AA016007);National Natural Science Foundation of China (Grant Nos. 61309016, 61379150, 61501515);Postdoctoral Science Foundation of China (Grant No. 2014M562493);Postdoctoral Science Foundation of Shanxi Province, Fundamental Research Funds for the Central Universities (Grant No. JB161501);Key Scientific Technological Project of Henan Province (Grant Nos. 122102210126, 092101210502)

摘　　要：With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange（GPAKE） protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman（DDH） problem. In our proposal,the password is shared among n authentication servers and is secure unless the adversary corrupts more than t ＋ 1 servers. Our protocol requires n 〉 3t servers to work. Compared with existing threshold PAKE protocols,our protocol maintains both stronger security and greater efficiency.With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange（GPAKE） protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman（DDH） problem. In our proposal,the password is shared among n authentication servers and is secure unless the adversary corrupts more than t ＋ 1 servers. Our protocol requires n 〉 3t servers to work. Compared with existing threshold PAKE protocols,our protocol maintains both stronger security and greater efficiency.

关 键 词：password key exchange gateway threshold provable security 

分 类 号：TN918.4[电子电信—通信与信息系统]