软件学报 ISSN 1000-9825, CODEN RUXUEW                                        E-mail: jos@iscas.ac.cn
         Journal of Software,2020,31(10):3238−3250 [doi: 10.13328/j.cnki.jos.005805]   http://www.jos.org.cn
         ©中国科学院软件研究所版权所有.                                                          Tel: +86-10-62562563


                                                             ∗
         改进的三方口令验证元认证密钥交换协议

               1
                                      1
                       1
                              2
         张启慧 ,   胡学先 ,   刘文芬 ,   魏江宏
         1
          (中国人民解放军战略支援部队信息工程大学,河南  郑州  450001)
         2 (桂林电子科技大学  计算机与信息安全学院,广西  桂林  541004)
         通讯作者:  胡学先, E-mail: huxuexian@tca.iscas.ac.cn

         摘   要:  在三方口令认证密钥交换(三方 PAKE)协议中,每个用户仅仅需要和服务器共享一个口令,就可以在服务
         器的协助下与他人进行安全的密钥交换.由于有效地减少了用户管理口令的负担,三方 PAKE 协议在大规模用户集
         的安全通信中受到了较多关注.然而,已有的三方 PAKE 协议大多关注的是服务器利用明文存储用户口令的情形,没
         有考虑服务器口令文件泄露所造成的巨大威胁.在服务器端存放的是相应于用户口令的验证元的情形下,研究三方
         PAKE 协议的分析和设计.首先分析了一个最近提出的基于验证元的三方 PAKE 协议,指出该协议易于遭受离线字
         典攻击,因此未能达到所宣称的安全性;其次,在分析已有协议设计缺陷的基础上,提出了一个新的基于验证元的三
         方 PAKE 协议,并在标准模型下证明了所设计的协议的安全性,与已有协议的比较表明,新提出的协议在提供了更高
         安全性的同时具有可接受的计算和通信效率.
         关键词:  密钥交换协议;口令认证;验证元;离线字典攻击;标准模型
         中图法分类号: TP309

         中文引用格式:  张启慧,胡学先,刘文芬,魏江宏.改进的三方口令验证元认证密钥交换协议.软件学报,2020,31(10):3238–3250.
         http://www.jos.org.cn/1000-9825/5805.htm
         英文引用格式: Zhang QH, Hu XX, Liu WF, Wei JH. Improved verifier-based three-party password-authenticated key exchange
         protocol. Ruan Jian Xue Bao/Journal of Software, 2020,31(10):3238−3250 (in Chinese). http://www.jos.org.cn/1000-9825/5805.htm

         Improved Verifier-based Three-party Password-authenticated Key Exchange Protocol
                     1
                                                                1
                                                2
                                   1
         ZHANG Qi-Hui ,   HU Xue-Xian ,  LIU Wen-Fen ,   WEI Jiang-Hong
         1
          (PLA Strategic Support Force Information Engineering University, Zhengzhou 450001, China)
         2
          (School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin 541004, China)
         Abstract:    With  the  aid of  three-party password-authenticated key  exchange (3PAKE) protocol, two users,  each of  which shares  a
         low-entropy password with the trusted server, could agree on a common session key securely. Since 3PAKE protocols reduce the burden
         of password management dramatically when the total number of users is very large, they have attracted much attention recently. However,
         most of the existing 3PAKE protocols are designed in the scenario where a user stores her/his plain password in the password file of the
         server, henceforth no protection would be provided once the password file is leaked. This study investigates the analysis and design of
         verifier-based 3PAKE protocols, where the server holds a verifier of a password other than the plain password. Firstly, it is shown that a
         recently proposed verifier-based 3PAKE protocol is  not secure,  which is vulnerable to  off-line dictionary attack.  Then,  aiming  to
         overcome  the  existed deficits,  a new verifier-based 3APKE protocol is proposed  and its security is proved in  the standard  model.
         Comparisons show that the proposed new scheme takes the advantage of security as well as enjoys practical efficiency.
         Key words:    key exchange protocol; password authentication; verifier-based; off-line dictionary attack; standard model



            ∗  基金项目:  国家自然科学基金(61502527, 61702549, 61862011);  广西密码学与信息安全重点实验室研究课题(GCIS201704)
             Foundation  item:  National  Natural Science Foundation of  China (61502527, 61702549, 61862011); Guangxi  Key Laboratory of
         Cryptography and Information Security (GCIS201704)
             收稿时间: 2018-08-20;  修改时间: 2018-10-12;  采用时间: 2018-12-11