A password-based authenticator: Security proof and applications

Abstract

A password-based authentication mechanism, first proposed by Halevi and Krawczyk, is used to formally describe a password-based authenticator in the Canetti-Krawczyk proof model. A proof of the security of the authenticator is provided. The possible practical applications of the authenticator are demonstrated by applying it to two key exchange protocols from the ideal world of the Canetti-Krawczyk model to produce two password-based key exchange protocols with provable security in the real world of the model. These two new protocols are almost as efficient as those proposed by Halevi and Krawczyk and have fewer message flows if it is assumed that the client must initiate the protocol. The new authenticator contributes a new component which has been proven secure in the Canetti-Krawczyk model, while the new key exchange protocols are provably secure making them attractive for use in settings where clients must authenticate to a server using a relatively short password. © Springer-Verlag Berlin Heidelberg 2003.