International Conference on Information and Knowledge Technology

فارسی

Home / پانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش

Cryptanalysis of two password authenticated key exchange schemes

Authors :

Mohammad Ali Poorafsahi¹ Hamid Mala²

1- دانشگاه اصفهان 2- دانشگاه اصفهان

Keywords :

Authentication،EKE،Key Exchange،LWE،PAKE،assword guessing attack

Abstract :

In the realm of password authenticated key exchange (PAKE) protocols, security and efficiency are of greatest importance. This article examines two modern PAKE schemes: the RLWE-SRP, a quantum-safe variant of the Secure Remote Password (SRP) protocol, and the ID-PAKE-PFS, an identity-based Password Authentication and Key Establishment scheme. Our analysis reveals specific vulnerabilities in both protocols: RLWE-SRP is susceptible to Denial of Service (DoS) attacks due to the lack of initial message validation, while ID-PAKE-PFS is vulnerable to password guessing attacks due to the inclusion of identities in ciphertexts. To address these vulnerabilities, we propose modifications for each of them: (1) For RLWE-SRP, we introduce a hash-based validation step in the authentication phase to verify the authenticity of initial messages. (2) For ID-PAKE-PFS, we suggest slight modification in how ciphertexts are calculated to prevent attackers from verifying password guesses. These modifications effectively strengthen both protocols against their respective vulnerabilities while maintaining their core functionalities in both classical and post-quantum environments.