Password-based authenticated key exchange protocols

摘要

the two-party password-based key exchange protocol (PAKE) is the protocol in which two communications entities can authenticate each other and establish a session key over an insecure network. Designing a secure PAKE protocols is non-trivial than one may appear at first glance since the password is picked up by users from a small space, and therefore the protocol is vulnerable to dictionary attacks because an adversary can enumerate all possible passwords in an attempt to determine the correct one. So A secure PAKE protocol should be resisted to such dictionary attacks. In gerneraly, offline dictionary attacks present more difficult to resist than online dictionary attacks. That is, When a PAKE is said to be secure, it can not be break by offline dictionary attracks. Althought a lot of secure definitions and models of PAKE over pass ten yeas are proposed, however, the power of adversay in this model is limited so that the model can not well captued more realistic attacks in practice. In this paper, we extend existing PAKE definition to a new one so that improved model can give an adversary more power to break the protocols.