[Resource Topic] 2000/026: Authentication and Key Agreement via Memorable Password

Welcome to the resource topic for 2000/026

Authentication and Key Agreement via Memorable Password

Authors: Taekyoung Kwon


This paper presents a new password authentication and key agreement protocol, AMP, based on the amplified password idea.
The intrinsic problems with password authentication are the password itself has low entropy and the password file is very hard
to protect.
We present the amplified password proof and the amplified password file for solving these problems.
A party commits the high entropy information and amplifies her password with that information in the amplifed password proof.
She never shows any information except that she knows it.
Our amplified password proof idea is very similar to the zero-knowledge proof in that sense.
We adds one more idea; the amplified password file for password file protection.
A server stores the amplified verifiers in the amplified password file that is secure against a server file compromise and a dictionary
AMP mainly provides the password-verifier based authentication
and the Diffie-Hellman based key agreement, securely and efficiently.
AMP is easy to generalize in any other cyclic groups.
In spite of those plentiful properties, AMP is actually the most efficient protocol among the related protocols
due to the simultaneous multiple exponentiation method.
Several variants such as AMP^i, AMPn, AMP^n+, AMP+, AMP++, and AMP^c are also proposed.
Among them, AMP^n is actually the basic protocol of this paper that describes the amplified password proof idea
while AMP is the most complete protocol that adds the amplified password file.
AMP^i simply removes the amplified password file from AMP.
In the end, we give a comparison to the related protocols in terms of efficiency.

ePrint: https://eprint.iacr.org/2000/026

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .