[Resource Topic] 1999/021: Public-Key Cryptography and Password Protocols: The Multi-User Case

Welcome to the resource topic for 1999/021

Public-Key Cryptography and Password Protocols: The Multi-User Case

Authors: Maurizio Kliban Boyarsky


The problem of password authentication over an insecure network
when the user holds only a human-memorizable password has
received much attention in the literature. The first rigorous
treatment was provided by Halevi and Krawczyk (ACM CCS, 1998),
who studied off-line password guessing attacks in the scenario in
which the authentication server possesses a pair of private and
public keys. HK’s definition of security concentrates
on the single-user (and single server) case.

In this work we:
(1) Show the inadequacy of both the Halevi-Krawczyk formalization
and protocol in the case where there is more than a single user:
using a simple and realistic attack, we prove failure of the HK
solution in the two-user case.
(2) Propose a new definition of security for the multi-user case,
expressed in terms of transcripts of the entire system, rather
than individual protocol executions.
(3) Suggest several ways of achieving this security against both
static and dynamic adversaries.

In a recent revision of their paper, Halevi and Krawczyk attempted
to handle the multi-user case. We expose a weakness in their approach.

ePrint: https://eprint.iacr.org/1999/021

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.