Identity-based password-authenticated key exchange for client/server model

Abstract

Password-Authenticated Key Exchange for Client/Server model (PAKE-CS) is where a client and a server, based only on their knowledge of a password, establish a cryptographic key for secure communication. In this paper, we propose a PAKE-CS protocol on the basis of identity-based encryption, where the client needs to remember a password only while the server keeps the password in addition to a private key related to his identity, where the private key is generated by multiple private key generators. Our protocol takes advantage of the features of client/server model and is more efficient than other PAKE-CS protocols in terms that it achieves explicit authentication with two-round communications only. In order to analyze the security of our protocol, we construct an ID-based formal model of security for PAKE-CS by embedding ID-based model into PAKE model. If the underlying identity-based encryption scheme has provable security without random oracle, we can provide a rigorous proof of security for our protocol without random oracles.