Open key exchange: How to defeat dictionary attacks without encrypting public keys

Abstract

Classical cryptographic protocols based on shared secret keys often are vulnerable to key-guessing attacks. For security, the keys must be strong, difficult to memorize for humans. Bellovin and Merritt [4] proposed “encrypted key exchange” (EKE) protocols, to frustrate key-guessing attacks. EKE requires the use of asymmetric cryptosystems and is based on enerypting the public key, using a symmetric cipher. In this paper, a novel way of key exchange is presented, where public keys are sent openly, not encrypted. In contrast to EKE protocols, the same public-key/secret-key pair can be used for arbitrary many protocol executions. The RSA-based protocol variant is found to be quite efficient and practical. Compared to previous work on such protocols, a more solid formal treatment is given, influenced by the work of Bellare and Rogaway [3] on key exchange protocols for strong common secrets.