Cryptanalysis and Improvement of Gateway-Oriented Password Authenticated Key Exchange Protocol Based on RSA

WANG Ding; WANG Ping; LEI Ming

doi:10.3969/j.issn.0372-2112.2015.01.028

您当前的位置：

首页 >

文章列表页 >

Cryptanalysis and Improvement of Gateway-Oriented Password Authenticated Key Exchange Protocol Based on RSA

更新时间：2025-07-16

- Cryptanalysis and Improvement of Gateway-Oriented Password Authenticated Key Exchange Protocol Based on RSA
- Acta Electronica Sinica Vol. 43, Issue 1, Pages: 176-184(2015)
- 作者机构：
  
  1. 北京大学信息科学技术学院,北京,100871
  2. 北京大学软件与微电子学院,北京,102600
  3. 北京大学信息科学技术学院,北京,100871
  4. 北京大学软件与微电子学院,北京,102600
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China (No.61472016)
- DOI：10.3969/j.issn.0372-2112.2015.01.028
  CLC： TP309
- Published：2015
- 稿件说明：
移动端阅览
WANG Ding, WANG Ping, LEI Ming. Cryptanalysis and Improvement of Gateway-Oriented Password Authenticated Key Exchange Protocol Based on RSA[J]. Acta Electronica Sinica, 2015, 43(1): 176-184.
DOI：

WANG Ding, WANG Ping, LEI Ming. Cryptanalysis and Improvement of Gateway-Oriented Password Authenticated Key Exchange Protocol Based on RSA[J]. Acta Electronica Sinica, 2015, 43(1): 176-184. DOI： 10.3969/j.issn.0372-2112.2015.01.028.

摘要

设计安全高效的基于RSA的口令认证密钥交换协议是密码学领域的公开难题.2011年Wei等学者首次提出了一个基于RSA的可证明安全的网关口令认证密钥交换协议

并声称在随机预言模型下基于大整数的素因子分解困难性证明了协议的安全性.利用该协议中服务器端提供的预言机服务

提出一种分离攻击

攻击者只需发起几十次假冒会话便可恢复出用户的口令.攻击结果表明

该协议无法实现所声称的口令保护这一基本安全目标

突出显示了分离攻击是针对基于RSA的口令认证密钥交换协议的一种严重安全威胁.进一步指出了协议形式化安全证明中的失误

给出一个改进方案.分析结果表明

改进方案在提高安全性的同时保持了较高效率

更适于移动通信环境.

Abstract

It remains an open problem to design a secure and efficient RSA-based password-authenticated key exchange(PAKE)protocol in the areas of cryptography.In 2011

Wei proposed the first provably secure gateway-oriented PAKE protocol using RSA

and claimed that the protocol is provably secure in the random oracle model based on the intractability of the integer factorization problem.However

in this short paper

we point out that an adversary can launch the separation attack on their protocol by exploiting the oracle service unwittingly provided by the server

and a user's password can thus be guessed just after tens of malicious sessions.Our cryptanalysis result invalidates Wei's claim that their protocol can achieve the security goal of password protection

and highlights the damaging threat that separation attack poses to RSA-based PAKE protocols.Furthermore

we uncover the flaws in their formal security proof and put forward an enhancement to overcome the identified defect.The analysis results show that the improved protocol eliminates the vulnerability of Wei's protocol while keeping the merit of high performance

suitable for mobile application scenarios.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Implementation Study of Partly Parallel Montgomery Modular Multiplier

The Design and Implementation of a RSA Modular Exponentiator

The Key Question Analysis of RSA Digital Signature Algorithm Based on Smart Card

An Effective Searching Algorithm for Factoring Large Integer n=pq

Related Author

LIU Qiang

TONG Dong

CHENG Xu

LIU Qiang

TONG Dong

CHENG Xu

YUAN Xiao-yu

ZHANG Qi-shan

Related Institution

Department of Computer Science and Technology,Peking University

Microprocessor Research and Development Center,Peking University

Department of Computer Science and TechnologyPeking UniversityBeijing 100871China

Microprocessor Research and Development CenterPeking UniversityBeijing 100871China

北京大学微处理器研究开发中心

⁰