Research Papers on Password-based Cryptography


This page lists references for password-based cryptography. Sometimes referred to as strong password authentication, zero-knowledge password proofs. and key amplifiers, these methods address limitations that people have with memorizing and handling passwords.

If you can't find what you're looking for or if you know of a relevant paper that isn't listed here please tell me about it.


2009

[ABCP09] Distributed Public-Key Cryptography from Weak Secrets
Michel Abdalla, Xavier Boyen, Céline Chevalier, and David Pointcheval

[ACCP09] Password-Authenticated Group Key Agreement with Adaptive Security and Contributiveness
Michel Abdalla, Dario Catalano, Céline Chevalier, and David Pointcheval


2008

[ACCP08] Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework
Michel Abdalla, Dario Catalano, Céline Chevalier, and David Pointcheval

[AIP08] Anonymous and Transparent Gateway-based Password-Authenticated Key Exchange
Michel Abdalla, Malika Izabachène, and David Pointcheval

[HR08] Password Authenticated Key Exchange by Juggling
F. Hao and P. Ryan


2007

[ABCMP07] Strong Password-Based Authentication in TLS using the Three-Party Group Diffie-Hellman Protocol
Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Möller and David Pointcheval

[ABGS07] (Password) Authenticated Key Establishment: From 2-Party To Group
Michel Abdalla, Jens-Matthias Bohli, María Isabel González Vasco, and Rainer Steinwandt

[Bar07] Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance
Gregory V. Bard

[BCP07] A Security Solution for IEEE 802.11's Ad-hoc Mode: Password-Authentication and Group-Diffie-Hellman Key Exchange
Emmanuel Bresson, Olivier Chevassut and David Pointcheval

[CPP07] Trapdoor Hard-to-Invert Group Isomorphisms and Their Application to Password-based Authentication
Dario Catalano, David Pointcheval and Thomas Pornin

[NLKW07] Security Weakness in a Three-Party Pairing-Based Protocol for Password Authenticated Key Exchange
Junghyun Nam, Youngsook Lee, Seungjoo Kim, and Dongho Won

[P1363] IEEE P1363.2: Standard for Password-Based Public Key Cryptographic Techniques
IEEE P1363 working group (draft)

[PNKW07] New Efficient Password-Authenticated Key Exchange Based on RSA
Sangjoon Park, Junghyun Nam, Seungjoo Kim and Dongho Won

[Ver07] Selecting secure passwords
Eric Verheul

2006

[ABCP06] Password-based Group Key Exchange in a Constant Number of Rounds
M. Abdalla, B. Bresson, O. Chevassut and D. Pointcheval

[ABCMP06] Provably Secure Password-Based Authentication in TLS
Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Möller and David Pointcheval

[AFP06] Password-Based Authenticated Key Exchange in the Three-Party Setting
M. Abdalla, P.-A. Fouque and D. Pointcheval

[AP06] A Scalable Password-based Group Key Exchange Protocol in the Standard Model
Michel Abdalla and David Pointcheval

[BVS06] Password-Authenticated Constant-Round Group Key Establishment with a Common Reference String
Jens-Matthias Bohli, Mara Isabel Gonzalez Vasco, and Rainer Steinwandt

[Chi06] Comments on a Provably Secure Three-Party Password-Based Authenticated Key Exchange Protocol Using Weil Pairings
Hung-Yu Chien

[CTB06] Password Based Server Aided Key Exchange
Y. Cliff, Y.-S. Tin, and C. Boyd

[DB06] Password-based Encrypted Group Key Agreement
Ratna Dutta and Rana Barua

[GMR06] A Method for Making Password-Based Key Exchange Resilient to Server Compromise
Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan

[ISOIEC] ISO/IEC 11770-4:2006: Information Technology - Security Techniques - Key Management - Part 4: Mechanisms based on weak secrets
ISO JTC 1/SC 27

[KR06] Key Exchange Using Passwords and Long Keys
Vladimir Kolesnikov and Charles Rackoff

[LC06] Off-line Password Guessing Attack on an Efficient Key Agreement Protocol for Secure Authentication
Rongxing Lu and Zhenfu Cao

[TC06] Secure Password-based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks
Qiang Tang and Kim-Kwang Raymond Choo

[VS06] On Countering Online Dictionary Attacks With Login Histories and Humans-in-the-Loop
P. C. van Oorschot and S. Stubblebine

2005

[ACFP05] A Simple Threshold Authenticated Key Exchange from Short Secrets
Michel Abdalla, Olivier Chevassut, Pierre-Alain Fouque and David Pointcheval

[ACP05] One-time Verifier-based Encrypted Key Exchange
M. Abdalla, O. Chevassut and D. Pointcheval

[AFP05] Password-Based Authenticated Key Exchange in the Three-Party Setting
M. Abdalla, P.-A. Fouque and D. Pointcheval

[AP05] Simple Password-Based Authenticated Key Protocols
M. Abdalla and D. Pointcheval

[AP05b] Interactive Diffie-Hellman Assumptions with Applications to Password-based Authentication
M. Abdalla and D. Pointcheval

[BL05] N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords
Jin Wook Byun, Dong Hoon Lee

[CHKLM05] Universally Composable Password-Based Key Exchange
R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie

[CBH05] Examining Indistinguishability-Based Proof Models for Key Establishment Protocols
Kim-Kwang Raymond Choo, Colin Boyd and Yvonne Hitchcock

[GMR05a] Password Authenticated Key Exchange Using Hidden Smooth Subgroups
Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan

[GMR05b] PAK-Z+
Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan

[KMTG05] Two-Server Password-Only Authenticated Key Exchange
J. Katz, P. MacKenzie, G. Taban and V. Gligor

[KOY05] Efficient and Secure Authenticated Key Exchange Using Short Passwords,
J. Katz, R. Ostrovsky and M. Yung

[KPL05] Security Analysis and Improvement of the Efficient Password-based Authentication Protocol
Taekyoung Kwon, Young-Ho Park and Hee Jung Lee

[LHPM05] Secure Tripartite Password Protected Key Exchange Protocol based on Elliptic Curve
S. Lee, Y. Hitchcock, Y. Park, and S. Moon

[MP05] Hard Bits of the Discrete Log with Applications to Password Authentication
P. MacKenzie and S. Patel

[PG05] Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme
Raphael Chung-Wei Phan, Bok-Min Goi

[SKI05] Efficient and leakage-resilient authenticated key transport protocol based on RSA
S. Shin, K. Kobara and H. Imai

[TM05a] Enhanced password-based key establishment protocol
Qiang Tang and Chris J. Mitchell

[TM05b] On the security of some password-based key agreement schemes
Qiang Tang and Chris J. Mitchell

[TM05c] Weaknesses in a leakage-resilient authenticated key transport protocol
Qiang Tang and Chris J. Mitchell

[VYT05] Anonymous Password-Based Authenticated Key Exchange
D. Q. Viet, Akihiro Yamamura and Hidema Tanaka

[WKKK05] Strengthening Password-Based Authentication Protocols Against Online Dictionary Attacks
Peng Wang, Yongdae Kim, Vishal Kher, Taekyoung Kwon

[WCZ05] Password Authenticated Key Exchange for Resource-constrained Wireless Communications
Duncan S. Wong, Agnes H. Chan and Feng Zhu

[Zha05] Breaking an Improved Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks
Muxiang Zhang

2004

[AFP04] Password-Based Authenticated Key Exchange in the Three-Party Setting
M. Abdalla, P.-A. Fouque and D. Pointcheval

[BCP04] New Security Results on Encrypted Key Exchange
E. Bresson, O. Chevassut and D. Pointcheval

[CYC04] Improvement on Pretty-Simple Password Authenticated Key-Exchange Protocol for Wireless Networks
Ting-Yi Chang, Chou-Chen Yang and Chia-Meng Chen

[CPP04] IPAKE: Isomorphisms for Password-based Authenticated Key Exchange
D. Catalano, D. Pointcheval and T. Pornin

[Hoe04] The Ephemeral Pairing Problem
J.-H. Hoepman

[JG04] Password Based Key Exchange With Mutual Authentication
S. Jiang and G. Gong

[Kw04] Practical Authenticated Key Agreement using Passwords
T. Kwon

[LHL04] Efficient Password-Based Group Key Exchange
S. M. Lee, J. Y. Hwang & D. H. Lee

[NV04] Simpler Session-Key Generation from Short Random Passwords
M.-H. Nguyen and S. Vadhan

[WWX04] Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords
S. Wang, J. Wang and M Xu

[WW04] Cryptanalysis of Two Password-Authenticated Key Exchange Protocols
Z. Wan and S. Wang

[Zha04a] New Approaches to Password Authenticated Key Exchange based on RSA
M. Zhang

[Zha04b] Analysis of the SPEKE password-authenticated key exchange protocol
M. Zhang

[Zha04c] Password Authenticated Key Exchange Using Quadratic Residues
M. Zhang

2003

[Ba03] Security Analysis of a Password Authenticated Key Exchange Protocol
F. Bao

[BJKS03] A New Two-Server Approach for Authentication with Short Secrets
J. Brainard, A. Juels, B. Kaliski and M. Szydlo

[BCP03] Security Proofs for an Efficient Password-Based Key Exchange
E. Bresson, O. Chevassut and D. Pointcheval

[BCP03b] Encrypted key exchange using mask generation function
E. Bresson, O. Chevassut and D. Pointcheval

[CHL03] Security Enhancement for a Modified Authenticated Key Agreement Protocol
C.C. Chang, K.F. Hwang and I.C. Lin

[GL03] A Framework for Password-Based Authenticated Key Exchange
R. Gennaro and Y. Lindell

[HTBGM03] A Password-Based Authenticator: Security Proof and Applications
Y. Hitchcock, Y. S. T. Tin, C. Boyd, J. M. Gonzalez-Nieto and P. Montague

[HSW03] On the Security of Some Password Authentication Protocols
Bin-Tsan Hsieh, Hung-Min Sun and Tzonelih Hwang

[HWWM03] Improvement of modified authenticated key agreement protocol
C. L. Hsu, T. S. Wu, T. C. Wu and C. Mitchell

[HYL03] EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange
Y. H. Hwang, D. H. Yum and P. J. Lee

[KI03] Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions
K. Kobara and H. Imai

[KCL03a] Cryptanalysis of a Variant of Peyravian-Zunic's Password Authentication Scheme
W. C. Ku, C. M. Chen and H. L. Lee

[KCL03b] Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme
W. C. Ku, C. M. Chen and H. L. Lee

[KCT03] Password Authentication Protocols based on Hash Functions
W. C. Ku, C. M. Chen and H. C. Tsai

[KL03] Software-Only Authentication Protocols based on Cryptographic Camouflage Techniques
W. C. Ku and H. L. Lee

[KTC03] Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol
Wei-Chi Ku, Hao-Chuan Tsai, Shuai-Min Chen

[RG03] Provably Secure Threshold Password-Authenticated Key Exchange
M. D. Raimondo and R. Gennaro

[TS03a] Comments on Improved Peyravian-Zunic's Password Authentication Schemes
T. Tsuji and A. Shimizu

[TS03b] An impersonation attack on one-time password authentication protocol OSPA
T. Tsuji and A. Shimizu

[WCZ03] More Efficient Password Authenticated Key Exchange Based on RSA
Duncan S. Wong, Agnes H. Chan and Feng Zhu

[YYH03] Security of Improvement on Methods for Protecting Password Transmission
C. C. Yang, T. Y. Chang and M. S. Hwang

2002

[BCP02c] Group Diffie-Hellman Key Exchange Secure Against Dictionary Attacks
E. Bresson, O. Chevassut and D. Pointcheval

[BCP02d] Proofs of Security for Password-Based Key Exchange (IEEE P1363 AuthA Protocol and Extensions)
E. Bresson, O. Chevassut and D. Pointcheval

[CK02] Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols
C. M. Chen and W. C. Ku

[HY02] Improvement on Peyravian-Zunic's password authentication schemes
J. J. Hwang and T. C. Yeh

[Jab02] SRP-4
D. Jablon

[KOY02] Forward Secrecy in Password-Only Key Exchange Protocols
J. Katz, R. Ostrovsky and M. Yung

[KI02] Pretty-Simple Password-Authenticated Key-Exchange Protocol Proven to be Secure in the Standard Model
K. Kobara and H. Imai

[Kw02] Virtual Software Tokens - A Practical Way to Secure PKI Roaming
T. Kwon

[LLH02] A Remote User Authentication Scheme Using Hash Functions
C. C. Lee, L. H. Li and M. S. Hwang

[MSJ02] Threshold Password-Authenticated Key Exchange
P. MacKenzie, T. Shrimpton and M. Jakobsson

[MacK02] The PAK suite: Protocols for Password-Authenticated Key Exchange
P. MacKenzie

[Wu02] SRP-6: Improvements and Refinements to the Secure Remote Password Protocol
T. Wu

[ZCWY02] RSA-based Password Authenticated Key Exchange for Imbalanced Wireless Networks
F. Zhu, A. H. Chan, D. S. Wong and R. Ye

2001

[BMN01] Elliptic Curve Based Password Authenticated Key Exchange Protocols
Colin Boyd, Paul Montague and Khanh Nguyen

[Din01] Provably Everlasting Security in the Bounded Storage Model
Y. Ding

[FPKR01] Securely Available Credentials - The PDM Protocol
S. Farrell, R. Perlman, C. Kaufman and M. Rose

[GL01] Session-Key Generation using Human Passwords Only
O. Goldreich and Y. Lindell

[Jab01] Password Authentication Using Multiple Servers
D. Jablon

[KOY01] Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
J. Katz, R, Ostrovsky and M. Yung

[KP01] PDM: A New Strong Password-Based Protocol
C. Kaufman and R. Perlman

[KC01] Cryptanalysis of a one time password authentication protocols
W. C. Ku and C. M. Chen

[Kw01] Authentication and Key Agreement via Memorable Passwords
T. Kwon

[LSH01] Attacks and solutions on strong-password authentication
C. L. Lin, H. M. Sun and T. Hwang

[MacK01a] More Efficient Password-Authenticated Key Exchange
P. MacKenzie

[MacK01b] On the Security of the SPEKE Password-Authenticated Key Exchange Protocol
P. MacKenzie

[Mit01] Breaking the simple authenticated key agreement protocol
C. J. Mitchell

[PK01a] Analysis of the IPsec Key Exchange Standard
R. Perlman and C. Kaufman

[PK01b] Code-preserving Simplifications and Improvements to IKE
R. Perlman and C. Kaufman

[Sco01] Efficient Short-Password key exchange and Login Protocols
M. Scott

[Tay01] Using SRP for TLS Authentication
D. Taylor

[Wan01] EC-SRP
Y. Wang

[YSH01] Security Analysis of the Generalized Key Agreement and Password Authentication Protocol
H. Yeh, H. Sun and T. Hwang

2000

[BPR00] Authenticated Key Exchange Secure Against Dictionary Attacks
M. Bellare, D. Pointcheval and P. Rogaway

[BR00] The AuthA Protocol for Password-Based Authenticated Key Exchange
M. Bellare and P. Rogaway

[BMP00] Provably Secure Password Authenticated Key Exchange Using Diffie-Hellman
V. Boyko, P. MacKenzie and S. Patel

[BESW00] Secure Password-Based Cipher Suite for TLS
P. Buhler, T. Eirich, M. Steiner and M. Waidner

[FK00] Server-Assisted Generation of a Strong Secret from a Password
W. Ford and B. Kaliski

[GL00] Session-Key Generation using Human Passwords Only
O. Goldreich and Y. Lindell

[KW00b] Cryptanalysis of A Modified Authenticated Key Agreement Protocol
W. C. Ku and S. D. Wang

[Kw00a] Authentication and Key Agreement via Memorable Password
T. Kwon

[KS00] A Study on the Generalized Key Agreement and Password Authentication Protocol
T. Kwon and J. Song

[MPS00] Password-Authenticated Key Exchange Based on RSA
P. MacKenzie, S. Patel and R. Swaminathan

[LSH00] Three-party encrypted key exchange: attacks and a solution
Chun-Li Lin, Hung-Min Sun, Tzonelih Hwang

[LCH00] Security Enhancement for the 'Simple Authentication Key Agreement Algorithm'
I. C. Lin, C. C. Chang and M. S. Hwang

[PK00] Strong Password-Based Authentication Using Pseudorandom Moduli
R. Perlman and C. Kaufman

[PZ00] Methods for Protecting Password Transmission
M. Peyravian and N. Zunic,

[SSN00] Simple and secure password authentication protocol (SAS)
M. Sandirigama, A. Shimizu and M. T. Noda,

[Sco00] MIKE - Mike's Integrated Key Exchange
M. Scott

[Sun00] On the Security of Simple Authenticated Key Agreement Algorithm
H. Sun

[Tse00] Weakness in simple authenticated key agreement protocol
Y. M. Tseng

[Wu00] RFC 2945: The SRP Authentication and Key Exchange System
T. Wu

1999

[Boy99] Public-Key Cryptography and Password Protocols: The Multi-User Case
M. Boyarsky

[Chr99] Improvements to S3P
B. Christianson

[HK99] Public-key cryptography and password protocols
S. Halevi and H. Krawczyk

[KKP99] Comments on password-based private key download protocol of NDSS'99
S. Kim, B. Kim and S. Park

[KKJS99] An improvement of the password-based authentication protocol (K1P) on security against replay attacks
T. Kwon, M. Kang, S. Jung and J. Song

[KS99] Secure Agreement Scheme for g^xy via Password Authentication
T. Kwon and J. Song

[LL99] EC-SRP Protocol: Elliptic Curve Secure Remote Password Protocol
Y. K. Lee and J. K. Lee

[MS99] Secure Network Authentication with Password Identification
P. MacKenzie and R. Swaminathan

[PK99] Secure Password-Based Protocol for Downloading a Private Key
R. Perlman and C. Kaufman

[PM99] A Future-Adaptable Password Scheme
N. Provos and D. Mazieres

[SS99] Simple authenticated key agreement protocol
D. H. Seo and P. Sweeney

[Wu99] A Real-World Analysis of Kerberos Password Security
T. Wu

1998

[HK98] Public-key cryptography and password protocols
S. Halevi and H. Krawczyk

[KS98a] Efficient key exchange and authentication protocols protecting weak secrets
T. Kwon and J. Song

[KS98b] Efficient and secure password-based authentication protocols against guessing attacks
T. Kwon and J. Song

[RCW98] Secure Sessions from Weak Secrets
M. Roe, B. Christianson and D. Wheeler

[SHI98] A password authentication methods for contents communication on the internet
A. Shimizu, T. Horioka and H. Inagaki

[Wu98] The Secure Remote Password Protocol
T. Wu

1997

[Jab97] Extended Password Key Exchange Protocols Immune to Dictionary Attacks
D. Jablon

[KS97] Security and Efficiency in Authentication Protocols Resistant to Guessing Attacks
T. Kwon and J. Song

[Luc97] Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
S. Lucks

[Pat97] Number Theoretic Attacks On Secure Password Schemes
S. Patel

1996

[BSP96] On Password-Based Authenticated Key Exchange using Collisionful Hash Functions
S. Bakhtiari, R. Safavi-Naini and J. Pieprzyk

[Ell96] Establishing Identity Without Certification Authorities
C. Ellison

[Jab96] Strong Password-Only Authenticated Key Exchange
D. Jablon

[Jas96] Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks
B. Jaspan

[Pat96] Information Leakage in Encrypted Key Exchange
S. Patel

1995

[Gon95] Optimal Authentication Protocols Resistant to Password Guessing Attacks
L. Gong

[STW95] Refinement and Extension of Encrypted Key Exchange
M. Steiner, G. Tsudik and M. Waidner

1994

[And94] Fortifying Key Negotiation Schemes with Poorly Chosen Passwords
R. J. Anderson and T. M. A. Lomas

1993

[BM93] Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
S. Bellovin and M. Merritt

[GLNS93] Protecting Poorly Chosen Secrets from Guessing Attacks
L. Gong, M. Lomas, R. Needham and J. Saltzer

1992

[BM92] Encrypted Key Exchange: Password- Based Protocols Secure Against Dictionary Attacks
S. Bellovin and M. Merritt


Complete references

[ABGS07] Michel Abdalla, Jens-Matthias Bohli, María Isabel González Vasco, and Rainer Steinwandt,
(Password) Authenticated Key Establishment: From 2-Party To Group,
Theory of Cryptography Conference -- TCC 2007, LNCS 4392, pp. 499--514, © IACR, Salil P. Vadhan (Ed.), Springer, February 2007.
Links: 1 2

[ABCMP06] Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Möller and David Pointcheval,
Provably Secure Password-Based Authentication in TLS,
Proceedings of the 1st ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS '06) (march 21 - 24, 2006, Taipei, Taiwan) S. Shieh and S. Jajodia Eds, Pages 35--45, ACM Press, March 2006.
Links: Pointcheval

[ABCMP07] Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Möller and David Pointcheval,
Strong Password-Based Authentication in TLS using the Three-Party Group Diffie-Hellman Protocol,
International Journal of Security and Networks, vol. 2, numbers 3/4, pp. 284-296, Inderscience, 2007.
Links: Pointcheval

[ABCP09] Michel Abdalla, Xavier Boyen, Céline Chevalier, and David Pointcheval,
Distributed Public-Key Cryptography from Weak Secrets,
Public Key Cryptography - PKC 2009, LNCS 5443, pp. 139--159, © Springer, Stanislaw Jarecki and Gene Tsudik (Eds.), March 2009.
Links: Pointcheval

[ABCP06] Michel Abdalla, Emmanuel Bresson, Olivier Chevassut and David Pointcheval,
Password-based Group Key Exchange in a Constant Number of Rounds,
Public Key Cryptography - PKC 2006, Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.), LNCS 3958, pp. 427-442, Springer-Verlag, April 2006.
Links: Abdalla Pointcheval

[ACCP08] Michel Abdalla, Dario Catalano, Céline Chevalier, and David Pointcheval,
Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework,
Topics in Cryptology - CT-RSA 2008, LNCS 4964, pp. 335-351, © Springer, Tal Malkin (Ed.), April 2008.
Links: Abdalla Pointcheval

[ACCP09] Michel Abdalla, Dario Catalano, Céline Chevalier, and David Pointcheval,
Password-Authenticated Group Key Agreement with Adaptive Security and Contributiveness,
Second African International Conference on Cryptology (AfricaCrypt '09) (june 21-25, 2009, Gammarth, Tunisia) B. Preneel Ed., Pages 254-271, LNCS 5580, © Springer-Verlag, June 2009.
Links: Abdalla Pointcheval

[ACFP05] Michel Abdalla, Olivier Chevassut, Pierre-Alain Fouque and David Pointcheval,
A Simple Threshold Authenticated Key Exchange from Short Secrets,
Advances in Cryptology -- ASIACRYPT 2005, LNCS 3788, pp. 566--584, IACR, Bimal Roy (Ed.), December 2005.
Links: Michel's page

[ACP05] M. Abdalla, O. Chevassut and D. Pointcheval,
One-time Verifier-based Encrypted Key Exchange,
Public Key Cryptography - PKC 2005, LNCS 3386, pp. 47-64, Springer-Verlag, Serge Vaudenay (Ed.), January 2005.
Links: PKC05 David's page

[AFP04] Michel Abdalla and Pierre-Alain Fouque and David Pointcheval,
Password-Based Authenticated Key Exchange in the Three-Party Setting,
Cryptology ePrint Archive: Report 2004/233, Received 13 Sep 2004.
ePrint

[AFP05] Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval,
Password-Based Authenticated Key Exchange in the Three-Party Setting,
Public Key Cryptography - PKC 2005 (pp. 65--84), Serge Vaudenay (Ed.), LNCS 3386, Springer-Verlag, January 2005.
Links: Pointcheval

[AFP06] Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval,
Password-Based Authenticated Key Exchange in the Three-Party Setting,
IEE Proceedings -- Information Security, Volume 153, issue 1, pp. 27-39, March 2006.
Links: Abdalla Pointcheval IETDL abstract

[AIP08] Michel Abdalla, Malika Izabachène, and David Pointcheval,
Anonymous and Transparent Gateway-based Password-Authenticated Key Exchange,
7th International Conference on Cryptology and Network Security - CANS 2008, LNCS 5339, pp. 133--148, © Springer, Matthew Franklin, Lucas Hui, and Duncan Wong (Eds.), December 2008.
Links: Abdalla Pointcheval

[AP05] M. Abdalla and D. Pointcheval,
Simple Password-Based Authenticated Key Protocols,
Proceedings of the Cryptographers' Track at RSA Conference 2005 (Topics in Cryptology - CT-RSA 2005), February 14-18, 2005, San Francisco, California, USA, A. Menezes Ed., LNCS 3376, pp. 191-208, Springer-Verlag, 2005.
Links 1 2

[AP05b] Michel Abdalla and David Pointcheval,
Interactive Diffie-Hellman Assumptions with Applications to Password-based Authentication,
Proceedings of Financial Cryptography and Data Security -- FC 2005, Andrew Patrick and Moti Yung, editors, Lectures Notes in Computer Science Vol. 3570, pages 341-356. Roseau, The Commonwealth Of Dominica, Feb. 28 -- Mar. 3, 2005. Springer-Verlag, Berlin, Germany.
Links David's Michel's

[AP06] Michel Abdalla and David Pointcheval,
A Scalable Password-based Group Key Exchange Protocol in the Standard Model,
Advances in Cryptology - Proceedings of ASIACRYPT '06, December 2-6, 2006, Shanghai, China, X. Lai and K. Chen Eds., pp. 332-347, LNCS 4284, Springer-Verlag, IACR, December 2006.
Links: Pointeval

[And94] R. J. Anderson and T. M. A. Lomas,
Fortifying Key Negotiation Schemes with Poorly Chosen Passwords,
Electronics Letters, v. 30, n. 13, June 23, 1994, pp. 1040-1041.

[BSP96] S. Bakhtiari, R. Safavi-Naini and J. Pieprzyk,
On Password-Based Authenticated Key Exchange using Collisionful Hash Functions,
Proceedings 1st Australasian Conference on Information Security and Privacy (ACISP '96), Wollongong, NSW, Australia, June 24-26, 1996, no. 1172, in Lecture Notes in Computer Science, J. Pieprzyk, ed., pp. 298-310, Springer-Verlag, Berlin Germany, 1996.

[Bar07] Gregory V. Bard,
Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance,
2007 Australasian Information Security Workshop Privacy Enhancing Technologies (AISW), Ballarat, Australia, Conferences in Research and Practice in Information Technology (CRPIT), vol. 68, Australian Computer Society, Inc., 2007.
citeseer eprint

[Bao03] F. Bao,
Security Analysis of a Password Authenticated Key Exchange Protocol,
Proceedings of 6th Information Security Conference - ISC 2003, LNCS 2851, pp. 208-217, Springer-Verlag Heidelberg, 2003, ISSN: 0302-9743, Information Security: 6th International Conference, ISC 2003, Bristol, UK, October 1-3, 2003. Proceedings, ISBN: 3-540-20176-9.

[BPR00] M. Bellare, D. Pointcheval and P. Rogaway,
Authenticated Key Exchange Secure Against Dictionary Attack,
Advances in Cryptology - EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, pp. 139-155, B. Preneel, ed., Springer-Verlag, May 2000.
(Conference proceedings) (1st author's page) (2nd author's page)

[BR00] M. Bellare and P. Rogaway,
The AuthA Protocol for Password-Based Authenticated Key Exchange,
Contribution to the IEEE P1363 study group, March 14, 2000.

[BM91] S. M. Bellovin and M. Merritt,
Limitations of the Kerberos Authentication System,
Winter '91 USENIX Conference Proceedings, USENIX Association, 1991.

[BM92] S. M. Bellovin and M. Merritt,
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks (or here),
Proceedings of the I.E.E.E. Symposium on Research in Security and Privacy, pages 72-84, Oakland, IEEE Computer Society Press, May 1992.

[BM93] S. M. Bellovin and M. Merritt,
Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
Proceedings of the 1st ACM Conference on Computer and Communications Security, pages 244-250, ACM Press, November 1993.
Also as AT&T Bell Laboratories Tech. Report (c. 1994) (here)

[BM94] S. M. Bellovin and M. Merritt,
An Attack on the Interlock Protocol When Used for Authentication,
I.E.E.E. Transactions on Information Theory , v. 40, n. 1, January 1994, pp. 273-275.

[BVS06] Jens-Matthias Bohli, Mara Isabel Gonzalez Vasco, and Rainer Steinwandt,
Password-Authenticated Constant-Round Group Key Establishment with a Common Reference String,
Cryptology ePrint Archive, Report 2006/214, 2006.
Links: eprint

[Boy99] M. K. Boyarsky,
Public-Key Cryptography and Password Protocols: The Multi-User Case,
Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1-4, 1999, Singapore.
(September 16, 1999 version)

[BMN01] Colin Boyd, Paul Montague and Khanh Nguyen,
Elliptic Curve Based Password Authenticated Key Exchange Protocols,
Proceedings of 28th Australasian Conference on Information Security and Privacy (ACISP '01), LNCS 2119, pp. 487-501, Springer-Verlag, Berlin, 2001.
Links: Citeseer

[BMP00] V. Boyko, P. MacKenzie and S. Patel,
Provably Secure Password Authenticated Key Exchange Using Diffie-Hellman,
Advances in Cryptology - EUROCRYPT 2000, volume 1807 of LNCS, pages 156-171, Springer, Preneel, B., (Ed.), May 14-18, 2000.
Links: (Conference proceedings) (MacKenzie's page and updated paper) Full version: http://eprint.iacr.org/2000/044/

[BJKS03] J. Brainard, A. Juels, B. Kaliski and M. Szydlo,
A New Two-Server Approach for Authentication with Short Secrets,
To appear USENIX Security '03, August, 2003.

[BCP02c] E. Bresson, O. Chevassut and D. Pointcheval,
Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks,
Proc. of Asiacrypt '2002, Y. Zheng, editor, LNCS 2501, pp. 497–514, Springer, December 2002.
Full version: Abstract Paper

[BCP02d] E. Bresson, O. Chevassut and D. Pointcheval,
Proofs of Security for Password-Based Key Exchange (IEEE P1363 AuthA Protocol and Extensions),
Cryptology ePrint Archive: Report 2002/192, December 19th 2002.
eprint.iacr.org, David Pointcheval

[BCP03b] E. Bresson, O. Chevassut and D. Pointcheval,
Encrypted key exchange using mask generation function,
Work in progress. Cited by [BCP03].

[BCP03] E. Bresson, O. Chevassut and D. Pointcheval,
Security Proofs for an Efficient Password-Based Key Exchange,
Extended abstract in Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 241-250, October 27-30, 2003, Washington, DC, USA. ACM Press
Links: http://www.di.ens.fr/~pointche/pub.php Full version: Abstract Paper

[BCP04] E. Bresson, O. Chevassut and D. Pointcheval,
New Security Results on Encrypted Key Exchange,
Extended abstract in 7th International Workshop on Theory and Practice in Public Key Cryptography - PKC 2004, March 1-4 2004, Singapore, F. Bao, R. Deng and J. Zhou Eds. Springer-Verlag, LNCS 2947, pages 145-158.
Full version: Abstract Paper

[BCP07] E. Bresson, O. Chevassut and D. Pointcheval,
A Security Solution for IEEE 802.11's Ad-hoc Mode: Password-Authentication and Group-Diffie-Hellman Key Exchange,
International Journal of Wireless and Mobile Computing. Special Issue on Security of Computer Network and Mobile Systems. Volume 2, Number 1, pages 4-13. © IJWMC, Inderscience, 2007.
Links: David's Inderscience

[BESW00] P. Buhler, T. Eirich, M. Steiner and M. Waidner,
Secure Password-Based Cipher Suite for TLS,
Proceedings of the Year 2000 Network and Distributed System Security Symposium, February 2-4, 2000.
(.PDF) (Postscript)

[BL05] Jin Wook Byun, Dong Hoon Lee,
N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords,
Applied Cryptography and Network Security - ACNS 2005, Proceedings. LNCS 3531, pp. 75-90, Springer-Verlag, 2005.
Links: ACNS Springer

[CHKLM05] R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie,
Universally Composable Password-Based Key Exchange,
In R. Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 404-421. Springer, May 2005.
Links: Abstract 1 2

[CPP04] Dario Catalano, David Pointcheval and Thomas Pornin,
IPAKE: Isomorphisms for Password-based Authenticated Key Exchange ,
Advances in Cryptology - Proceedings of CRYPTO '04 (August 15-19, 2004, Santa Barbara) M. Franklin Ed. Pages 477-493, LNCS 3152, Springer-Verlag, 2004.
Link

[CPP07] Dario Catalano, David Pointcheval and Thomas Pornin,
Trapdoor Hard-to-Invert Group Isomorphisms and Their Application to Password-based Authentication,
Journal of Cryptology, vol. 20, no. 1, pp. 115-149, Springer-Verlag, IACR, 2007.
Pointcheval

[CYC04] Ting-Yi Chang, Chou-Chen Yang and Chia-Meng Chen,
Improvement on Pretty-Simple Password Authenticated Key-Exchange Protocol for Wireless Networks,
Informatica, pp. 161--170, vol. 15, no. 2, Institute of Mathematics and Informatics, Lithuanian Academy of Sciences, 2004.
Links: Informatica

[CHL03] C.C. Chang, K.F. Hwang and I.C. Lin,
Security Enhancement for a Modified Authenticated Key Agreement Protocol,
International Journal of Computational and Numerical Analysis and Applications, Vol. 3, No. 1, 2003, pp.1-7.
Links: (1) (2)

[CK02] Chien-Ming Chen and Wei-Chi Ku,
Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols,
IEICE Transactions on Communications, ISSN: 0916-8516, Vol. E85-B, No. 11, pp. 2519-2521, Nov. 2002.

[Chi06] Hung-Yu Chien,
Comments on a Provably Secure Three-Party Password-Based Authenticated Key Exchange Protocol Using Weil Pairings,
ePrint Archive, received 11 Jan 2006.
Links: ePrint

[CBH05] Kim-Kwang Raymond Choo, Colin Boyd and Yvonne Hitchcock,
Examining Indistinguishability-Based Proof Models for Key Establishment Protocols,
Accepted and to appear in Advances in Cryptology - Asiacrypt 2005, Bimal Roy, editors, International Association for Cryptologic Research (IACR), Chennai, India, Lecture Notes in Computer Science, Springer-Verlag, 4-8 Dec 2005.
Links: Raymond's ePrint

[Chr99] B. Christianson,
Private communication.

[CTB06] Y. Cliff, Y.-S. Tin and C. Boyd,
Password Based Server Aided Key Exchange,
In Applied Cryptography and Network Security: Fourth International Conference - ACNS 2006. Springer-Verlag. (Volume 3986 of Lecture Notes in Computer Science)

[DH79] W. Diffie and M. E. Hellman,
Privacy and Authentication: An Introduction to Cryptography,
Proceedings of the I.E.E.E., vol. 67, No. 3, pp. 397-427 (Mar. 1979)

[DvOW92] W. Diffie, P.C. van Oorschot and M. Wiener,
Authentication and Authenticated Key Exchanges,
Designs Codes and Cryptography, 2, 107-125, (1992).

[Din01] Y. Ding,
Provably Everlasting Security in the Bounded Storage Model,
May 2001, Ph.D. dissertation.
Link

[DB06] Ratna Dutta and Rana Barua,
Password-based Encrypted Group Key Agreement,
International Journal of Network Security, vol. 3, no. 1, July 2006.
Links: IJNS, .pdf, ePrint

[Ell96] C. Ellison,
Establishing Identity Without Certification Authorities,
Proceedings of the Sixth Annual USENIX Security Symposium, San Jose, July 1996, pp. 67-76.

[FNW95] R. Fagin, M. Naor and P. Winkler,
Comparing Information Without Leaking It,
Postscript paper at http://www.wisdom.weizmann.ac.il/~naor/PUZZLES/compare.html,
September 19, 1995.

[FPKR01] S. Farrell, R. Perlman, C. Kaufman and M. Rose,
Securely Available Credentials - The PDM Protocol,
IETF draft-ietf-sacred-protocol-beep-pdm-00.txt (work in progress) June 2001.

[FK00] W. Ford and B. Kaliski,
Server-Assisted Generation of a Strong Secret from a Password,
Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, NIST, Gaithersburg MD, June 14-16, 2000.
(VeriSign product literature)

[GL03] R. Gennaro & Y. Lindell,
A Framework for Password-Based Authenticated Key Exchange,
Eurocrypt 2003, Springer-Verlag (LNCS 2656), E. Biham, editor, pages 524-543, 2003.
Full version (correcting a serious flaw in the conference version): Abstract Postscript
See also Cryptology ePrint Archive: Report 2003/032.

[GMR06] Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan,
A Method for Making Password-Based Key Exchange Resilient to Server Compromise,
Advances in Cryptology - CRYPTO 2006, pp. 142-159. Lecture Notes in Computer Science Volume 4117, Springer Berlin / Heidelberg September 24, 2006.
Links: Springer Phil

[GMR05a] Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan,
Password Authenticated Key Exchange Using Hidden Smooth Subgroups,
Conference on Computer and Communications Security archive Proceedings of the 12th ACM conference on Computer and communications security, Alexandria, VA, USA, Pages 299-309, 2005.
12th ACM CCS proceedings
See also [GMR05b]

[GMR05b] Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan,
PAK-Z+,
Contribution to the IEEE P1363-2000 study group for Future PKC Standards.
P1363 PAK-Z presentation
See also [GMR05a]

[GL00] O. Goldreich & Y. Lindell,
Session-Key Generation using Human Passwords Only,
Cryptology ePrint Archive: Report 2000/057.
Downloadable from http://eprint.iacr.org/2000/057/.
(See [GL01])

[GL01] O. Goldreich & Y. Lindell,
Session-Key Generation using Human Passwords Only,
Crypto 2001, Springer-Verlag (LNCS 2139), J. Kilian, editor, pages 408-432, Aug. 2001.
(See also [GL00])
Full version: Abstract Postscript

[GLNS93] L. Gong, M. Lomas, R. Needham and J. Saltzer,
Protecting Poorly Chosen Secrets from Guessing Attacks,
I.E.E.E. Journal on Selected Areas in Communications, Vol. 11, No. 5, June 1993, pp. 648-656.

[Gon95] L. Gong,
Optimal Authentication Protocols Resistant to Password Guessing Attacks,
Proceedings of the 8th IEEE Computer Security Foundations Workshop, County Kerry, Ireland, June 1995, pp. 24-29.

[HK98]     S. Halevi and H. Krawczyk,
Public-key cryptography and password protocols
Proceedings of the Fifth ACM Conference on Computer and Communications Security, pp. 122-131, 1998, ACM.
(See revised version [HK99])

[HK99]     S. Halevi and H. Krawczyk,
Public-key cryptography and password protocols,
ACM Transactions on Information and Systems Security (TISSEC), Vol. 2, no. ?, pages ???-???, August 1999, ACM.
shaih/pubs 99-04.html
(See preliminary version [HK98])

[HR08] F. Hao and P. Ryan,
Password Authenticated Key Exchange by Juggling,
Proceedings of the 16th International Workshop on Security Protocols, Cambridge, UK, April 2008.
Links: Authors’ copy

[HTBGM03]     Y. Hitchcock, Y. S. T. Tin, C. Boyd, J. M. Gonzalez-Nieto and P. Montague,
A Password-Based Authenticator: Security Proof and Applications,
4th International Conference on Cryptology in India - Indocrypt 2003, pp. 388–401, Springer-Verlag, Vol. 2904 of Lecture Notes in Computer Science, 2003.
http://sky.fit.qut.edu.au/~boydc/papers/

[Hoe04]     J.-H. Hoepman,
The Ephemeral Pairing Problem,
To appear in 8th Int. Conf. Fin. Crypt., Key West, FL, USA, 2004.
Citeseer

[HSW03] Bin-Tsan Hsieh, Hung-Min Sun and Tzonelih Hwang,
On the Security of Some Password Authentication Protocols,
INFORMATICA, 2003, vol. 14, no. 2, pp 195-204, Institute of Mathematics and Informatics, Vilnius, ISSN 0868-4952.
Link

[HWWM03] Chien-Lung Hsu, Tzong-Sun Wu, Tzong-Chen Wu and Chris Mitchell,
Improvement of modified authenticated key agreement protocol,
Applied Mathematics and Computation, 142:305-308, 2003.
Links: (1) (2) (3) (4)

[HY02] J. J. Hwang and T. C. Yeh,
Improvement on Peyravian-Zunic's password authentication schemes,
IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823--825, 2002.

[HYL03] Y. H. Hwang, D. H. Yum and P. J. Lee,
EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange,
8th Australasian Conference on Information Security and Privacy (ACISP) 2003, LNCS 2727, Springer-Verlag Berlin Heidelberg 2003, pages 452-463, 2003.

[ISOIEC] ISO JTC 1 / SC 27,
ISO/IEC 11770-4:2006: Information Technology - Security Techniques - Key Management - Part 4: Mechanisms based on weak secrets,
Standard JTC 1/SC 27

[Jab96]     D. Jablon,
Strong Password-Only Authenticated Key Exchange
Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996.
Author's site: jab96.pdf

[Jab97]     D. Jablon,
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255.
Author's site: jab97.pdf

[Jab01]     D. Jablon,
Password Authentication Using Multiple Servers,
LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 344-360, 2001, Springer-Verlag.
Author's site: jab01.pdf

[Jab02]     D. Jablon,
SRP-4,
Submission to IEEE P1363.2, May 6, 2002.

[Jas96] B. Jaspan,
Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks,
Proceedings of the Sixth Annual USENIX Security Conference, July 1996, pp. 43-50.

[JG04] S. Jiang and G. Gong,
Password Based Key Exchange with Mutual Authentication,
Cryptology ePrint Archive: Report 2004/196, Full version. Received 10 Aug 2004, last revised 14 Aug 2004. An extended abstract appeared in SAC 2004 Selected Areas in Cryptography - SAC 2004. pp. 267-279, LNCS 3357, Springer-Verlag, 2004.
Links: Citeseer ePrint

[KMTG05] J. Katz, P. MacKenzie, G. Taban and V. Gligor,
Two-Server Password-Only Authenticated Key Exchange,
John Ioannidis, Angelos D. Keromytis, Moti Yung (Eds.): Applied Cryptography and Network Security, Third International Conference, ACNS 2005, New York, NY, USA, June 7-10, 2005, Proceedings. Lecture Notes in Computer Science (LNCS) 3531, pp. 1-16, Springer-Verlag, 2005, ISBN 3-540-26223-7.
Links: 1 2 3

[KOY01] J. Katz, R. Ostrovsky and M. Yung,
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords,
International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, LNCS 2045: Topics in Cryptology -- Eurocrypt 2001 Proceedings, pp. 475-494, B. Pfitzmann, editor, Springer-Verlag, May 2001.
Links: 1 2

[KOY02] J. Katz, R. Ostrovsky and M. Yung,
Forward Secrecy in Password-Only Key Exchange Protocols,
Proceedings of Third Conference on Security in Communication Networks 2002 conference (SCN 2002), LNCS (Lecture Notes in Computer Science) 2576, pp. 29-44, Springer-Verlag, 2002.
Author's copies: 1 2

[KOY05] J. Katz, R. Ostrovsky and M. Yung,
Efficient and Secure Authenticated Key Exchange Using Short Passwords,
In submission.
Preliminary full version: .pdf

[KP01] C. Kaufman and R. Perlman,
PDM: A New Strong Password-Based Protocol,
Proceedings of the 10th USENIX Security Symposium, Washington, DC, USA, August 13-17, 2001. USENIX

[KPS95] C. Kaufman, R. Perlman, M. Speciner,
Network Security: Private Communication in a Public World,
Prentice-Hall, 1995. Amazon

[KKP99] Seungjoo Kim, Byungchun Kim and Sungjun Park,
Comments on password-based private key download protocol of NDSS'99,
Electronics Letters 35(22), IEE Press, 1999, pp.1937-1938.

[KI03] K. Kobara and H. Imai,
Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions,
Cryptology ePrint Archive: Report 2003/038, Feb. 24, 2003.

[KI02] K. Kobara and H. Imai,
Pretty-Simple Password-Authenticated Key-Exchange Protocol Proven to be Secure in the Standard Model,
IEICE Trans., vol. E85-A, no. 10, pp. 2229-2237, October 2002.
Link

[KR06] Vladimir Kolesnikov and Charles Rackoff,
Key Exchange Using Passwords and Long Keys,
Cryptology ePrint Archive: Report 2006/057, received 14 Feb 2006, last revised 23 Feb 2006. Extended version of the Theory of Cryptography Conference 2006 publication with the same title.
Links: ePrint,

[KC01] W. C. Ku and C. M. Chen,
Cryptanalysis of a one time password authentication protocols,
Proceedings of the 2001 National Computer Symposium, Taiwan, pp. F046-F050, 7 Dec. 2001.

[KCL03a] Wei-Chi Ku, Chien-Ming Chen and Hui-Lung Lee,
Cryptanalysis of a Variant of Peyravian-Zunic's Password Authentication Scheme,
IEICE Transactions on Communications, Vol. E86-B, No. 5, pp. 1682-1684, May 2003. ISSN: 0916-8516.
Link

[KCL03b] Wei-Chi Ku, Chien-Ming Chen and Hui-Lung Lee,
Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme,
ACM SIGOPS Operating Systems Review archive Volume 37, Issue 4, pp. 19-25, October 2003. ISSN:0163-5980.
Links: (1) (2) (3)

[KCT03] Wei-Chi Ku, Chien-Ming Chen and Hao-Chan Tsai,
Password Authentication Protocols based on Hash Functions,
Communications of CCISA, invited paper, vol.9, no.3, pp.32-42, June 2003.
Link

[KL03] Wei-Chi Ku and Hui-Lung Lee,
Software-Only Authentication Protocols based on Cryptographic Camouflage Techniques,
Proceedings of The 13th Information Security Conference, Taiwan, pp. 8-13, Aug. 28-29, 2003.

[KTC03] Wei-Chi Ku, Hao-Chuan Tsai, Shuai-Min Chen,
Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol,
Source ACM SIGOPS Operating Systems Review, Volume 37, Issue 4, October 2003, Pages: 26-31, ISSN:0163-5980, ACM Press, New York, NY, USA.
Link

[KW00b] Wei-Chi Ku and Sheng-De Wang,
Cryptanalysis of A Modified Authenticated Key Agreement Protocol,
IEE Electronics Letters, ISSN: 0013-5194, vol. 36, no. 21, 12 October 2000, pp. 1770-1771, ¡iSCI, EI¡j.
Links: (1) (2) Slides by Tai-Xing Yu, 2001/2/20

[Kw00a]     T. Kwon,
Authentication and Key Agreement via Memorable Password,
Cryptology ePrint Archive: Report 2000/026, also submitted to IEEE P1363.
Downloadable from http://eprint.iacr.org/2000/026/.

[Kw01] T. Kwon,
Authentication and Key Agreement via Memorable Passwords,
NDSS 2001 Symposium Conference Proceedings,
February 7-9, 2001.

[Kw02] Taekyoung Kwon,
Virtual Software Tokens - A Practical Way to Secure PKI Roaming,
Proceedings of Infrastructure Security: International Conference, InfraSec 2002, Bristol, UK, October 1-3, 2002, G. Davida, Y. Frankel, O. Rees (Eds.), Lecture Notes in Computer Science, vol. 2437, pp. 288-302, Springer-Verlag Heidelberg, ISSN: 0302-9743.
Online at: Springer link

[Kw04] Taekyoung Kwon,
Practical Authenticated Key Agreement using Passwords,
Proceedings of 7th Information Security Conference (ISC’04), Palo Alto, CA, USA, September 27-29, 2004, pp. 1-12, LNCS (Lecture Notes in Computer Science) Vol. 3225, Springer-Verlag, pp.1-12, September 2004.
Links: Author's site Conference version Full paper

[KKJS99] T. Kwon, M. Kang, S. Jung and J. Song,
An improvement of the password-based authentication protocol (K1P) on security against replay attacks,
IEICE Transactions on Communications, vol. E82-B, no. 7, pp. 991-997, July 1999.

[KPL05] Taekyoung Kwon, Young-Ho Park and Hee Jung Lee
Security Analysis and Improvement of the Efficient Password-based Authentication Protocol,
IEEE Communication Letters, vol. 9, no. 1, January 2005.
Link

[KS97]     T. Kwon and J. Song,
Security and Efficiency in Authentication Protocols Resistant to Guessing Attacks
22nd Annual IEEE International Conference on Local Computer Networks (LCN'97), pp. 245-252.
Links: 1 2 3

[KS98a]     T. Kwon and J. Song,
Efficient key exchange and authentication protocols protecting weak secrets,
IEICE Trans. Fundamentals, Vol. E81-A, no. 1, pp. 156-163, January 1998.
Link: 1

[KS98b]     T. Kwon and J. Song,
Efficient and secure password-based authentication protocols against guessing attacks,
Computer Communications, Vol. 21, No. 9, pp. 853-861, July 1998.

[KS99]     T. Kwon and J. Song,
Secure Agreement Scheme for g^xy via Password Authentication,
Electronics Letters, vol.35, no.11, pp.892-893, 27 May 1999

[KS00]     T. Kwon and J. Song,
A Study on the Generalized Key Agreement and Password Authentication Protocol,
IEICE Transactions on Communications, vol. E83-B, no. 9, pp. 2044-2050, September 2000

[LLH02] Cheng-Chi Lee, Li-Hua Li and Min-Shiang Hwang,
A Remote User Authentication Scheme Using Hash Functions,
ACM SIGOPS Operating Systems Review, Vol. 36, Issue 4, pp. 23-29, October 2002. ISSN:0163-5980
Slides by Chia-Hsing Liao, December 12, 2003.

[LHPM05] S. Lee, Y. Hitchcock, Y. Park, and S. Moon,
Secure Tripartite Password Protected Key Exchange Protocol based on Elliptic Curve,
Selected Areas in Cryptography - SAC 2005. Springer-Verlag. (Lecture Notes in Computer Science), 2005.

[LL99] Young Ki Lee and Jong Kyu Lee,
EC-SRP Protocol: Elliptic Curve Secure Remote Password Protocol,
Korea Institute of Information Security and Cryptology, Vol 9, No. 1, pp. 85-102, 1999.
(9MB .pdf file in Korean)

[LHL04] Su-Mi Lee, Jung Yeon Hwang, Dong Hoon Lee,
Efficient Password-Based Group Key Exchange,
Trust and Privacy in Digital Business - TrustBus 2004, pp. 191–199, Volume 3184 of Lecture Notes in Computer Science, Springer-Verlag, 2004.
Links: TrustBus 2004

[LSH00] Chun-Li Lin, Hung-Min Sun, Tzonelih Hwang,
Three-party encrypted key exchange: attacks and a solution,
ACM SIGOPS Operating Systems Review, vol. 34, iss. 4, pp. 12-20, October 2000, ISSN:0163-5980, ACM Press, New York, NY, USA.
Links: 1 2

[LSH01] C. L. Lin, H. M. Sun and T. Hwang,
Attacks and solutions on strong-password authentication,
IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622--2627, Sept. 2001.

[LCH00] Iuon-Chang Lin, Chin-Chen Chang, Min-Shiang Hwang,
Security Enhancement for the 'Simple Authentication Key Agreement Algorithm',
The Twenty-Fourth Annual International Computer Software and Applications Conference, October 25-28, 2000, Taipei, Taiwan, p. 113, (C) 2000 IEEE.
Links: (1) (2)

[LC06] Rongxing Lu and Zhenfu Cao,
Off-line Password Guessing Attack on an Efficient Key Agreement Protocol for Secure Authentication,
International Journal of Network Security, Vol. 3, No. 1, 2006, pp. 35-38, July 1, 2006.
Links: IJNS

[Luc97]     S. Lucks,
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys ,
The Security Protocol Workshop '97, Ecole Normale Superieure, April 7-9, 1997.

[MacK01a] P. MacKenzie,
More Efficient Password-Authenticated Key Exchange,
LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 361-377, 2001, Springer-Verlag.

[MacK01b] P. MacKenzie,
On the Security of the SPEKE Password-Authenticated Key Exchange Protocol,
Cryptology ePrint Archive: Report 2001/057.
Downloadable from http://eprint.iacr.org/2001/057/.

[MacK02] P. MacKenzie,
The PAK suite: Protocols for Password-Authenticated Key Exchange,
Submission to IEEE P1363.2, April 2002.
See also: Technical report No 2002-46. DIMACS Center, Rutgers University
http://dimacs.rutgers.edu/TechnicalReports/abstracts/2002/2002-46.html

[MP05] P. MacKenzie and S. Patel,
Hard Bits of the Discrete Log with Applications to Password Authentication,
Cryptographers' Track at RSA Conference - RSA 2005, LNCS 3376, pp.209–226, Springer-Verlag.
Link

[MPS00] P. MacKenzie, S. Patel and R. Swaminathan,
Password-Authenticated Key Exchange based on RSA,
Advances in Cryptology - Asiacrypt 2000, LNCS 1976, pp.599–613, Springer-Verlag.
(see also [MS99])
Author's link: cm.bell-labs.com/who/philmac/research/snapi-ac.ps

[MSJ02] P. MacKenzie, T. Shrimpton and M. Jakobsson,
Threshold Password-Authenticated Key Exchange,
CRYPTO 2002, Wed. Aug. 21, 11:55-12:20.

[MS99] P. MacKenzie and R. Swaminathan,
Secure Network Authentication with Password Identification,
Presented to IEEE P1363, August, 1999. (MacKenzie's bibliography)
(see also [MPS00])

[McC90] K. McCurley,
The Discrete Logarithm Problem,
Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, vol. 42, 1990, pp. 49-74.

[MOV96] A. Menezes, P. van Oorschot and S. Vanstone,
Handbook of Applied Cryptography,
CRC Press, 1996.

[Mit01] C. J. Mitchell,
Breaking the simple authenticated key agreement (SAKA) protocol,
Royal Holloway, University of London, Mathematics Department Technical Report RHUL-MA-2001-2, August 18, 2001, 2 pages.
Links here and here.

[NLKW07] Junghyun Nam, Youngsook Lee, Seungjoo Kim, and Dongho Won,
Security Weakness in a Three-Party Pairing-Based Protocol for Password Authenticated Key Exchange,
Information Sciences, Volume 177, Issue 6, Elsevier Science Inc, 15 March 2007, pp. 1364-1375.
Links: Kim

[NV04] M.-H. Nguyen and S. Vadhan,
Simpler Session-Key Generation from Short Random Passwords,
Proceedings of the First Theory of Cryptography Conference (TCC `04), (Wed. Aug. 21, 11:55-12:20), Lecture Notes in Computer Science 2951 (2004) 428 445, Springer-Verlag, 2004.
Citeseer link

[NIST94] National Institute of Standards and Technology,
Digital Signature Standard,
NIST FIPS PUB 186, U.S. Department of Commerce, May 1994.

[P1363]     IEEE P1363 Working Group,
P1363.2: Standard Specifications for Password-Based Public-Key Cryptographic Techniques,
Work in progress. Draft available at the IEEE P1363 web site.

[PNKW06] Sangjoon Park, Junghyun Nam, Seungjoo Kim and Dongho Won,
Efficient Password-Authenticated Key Exchange Based on RSA,
Topics in Cryptology – Proceedings of CT-RSA 2007, Cryptographic Protocols (II), Lecture Notes in Computer Science vol. 4377, pp. 309-323, Springer, 2006.
Links: Kim

[Pat96]     S. Patel,
Information Leakage in Encrypted Key Exchange
Proceedings of DIMACS Workshop on Network Threats, 38: 33-40, Dec. 4-6 1996.

[Pat97]     S. Patel,
Number Theoretic Attacks On Secure Password Schemes,
1997 IEEE Symposium on Security and Privacy, Oakland, California, May 5-7, 1997.

[PK00] R. Perlman and C. Kaufman,
Strong Password-Based Authentication Using Pseudorandom Moduli,
IETF draft-perlman-strong-pass-00.txt June 26, 2000. (draft expired. see also [FPKR01])

[PK01a] R. Perlman and C. Kaufman,
Analysis of the IPsec Key Exchange Standard,
Proceedings of the IEEE 10th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, MIT, Cambridge, MA, June 20-22, 2001.
(see also [PK01b])

[PK01b] R. Perlman and C. Kaufman,
Code-preserving Simplifications and Improvements to IKE,
IETF draft-ietf-ipsec-improveike-00.txt (work in progress) July 9, 2001.
(see also [PK01a])

[PK99] R. Perlman and C. Kaufman,
Secure Password-Based Protocol for Downloading a Private Key,
Proceedings of the 1999 Network and Distributed System Security, February 3-5, 1999.

[PG05]     Raphael Chung-Wei Phan, Bok-Min Goi,
Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme,
Applied Cryptography and Network Security - ACNS 2005, Proceedings. LNCS 3531, pp. 33-39, Springer-Verlag, 2005.
Links: Springer ACNS 2005

[PZ00] Mohammad Peyravian and Nevenko Zunic,
Methods for Protecting Password Transmission,
Computers and Security vol. 19, no. 5, pp. 466-469, July 2000.
Link

[PH78] Pohlig and Hellman,
An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance,
I.E.E.E. Transactions on Information Theory, pp. 106-110, January 1978.

[PM99] N. Provos and D. Mazieres,
A A Future-Adaptable Password Scheme,
1999 USENIX Annual Technical Conference, June 6-11, 1999.

[RG03] M. D. Raimondo and R. Gennaro,
Provably Secure Threshold Password-Authenticated Key Exchange,
Advances in Cryptology - Eurocrypt 2003 (pp. 507–523). Springer-Verlag. Volume 2656 of Lecture Notes in Computer Science)
Link

[RCW98] M. Roe, B. Christianson, D. Wheeler,
Secure Sessions from Weak Secrets,
Technical report from University of Cambridge and University of Hertfordshire, 1998. Submitted to Operating Systems Review.
Links: 1 2 3

[SSN00] M. Sandirigama, A. Shimizu and M. T. Noda,
Simple and secure password authentication protocol (SAS),
IEICE Transactions on Communications, vol. E83-B, no. 6, pp. 1363--1365, June 2000.

[Sch96] B. Schneier,
Applied Cryptography Second Edition,
John Wiley and Sons, 1996.

[Sco00] M. Scott,
MIKE - Mike's Integrated Key Exchange,
Dublin City University, School of Computing, Working Paper CA-1300, November, 2000.
Discussed in sci.crypt Jan 25, 2001 and posted here

[Sco01] M. Scott,
Efficient Short-Password key exchange and Login Protocols,
School of Computer Applications, Dublin City University, Ireland, 20 September, 2001.
Available here.

[SS99] D. H. Seo and P. Sweeney,
Simple authenticated key agreement protocol,
IEE Electronics Letters, v. 35, no. 13, pp. 1073-1074, June 1999.
Links here, here and here.

[SHI98] A. Shimizu, T. Horioka and H. Inagaki,
A password authentication methods for contents communication on the internet,
IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666--1673, Aug. 1998.

[SKI05] S. Shin, K. Kobara and H. Imai,
Efficient and leakage-resilient authenticated key transport protocol based on RSA,
Applied Cryptography and Network Security, J. Ioannidis, A. D. Keromytis and M. Yung, editors, Third International Conference, ACNS 2005, New York, NY, USA, volume 3531 of Lecture Notes in Computer Science, pages 269–284, Springer-Verlag, 2005.
Link: Springer

[STW95] M. Steiner, G. Tsudik and M. Waidner,
Refinement and Extension of Encrypted Key Exchange,
Operating Systems Review, vol. 29, Iss. 3, pp. 22-30 (July 1995).

[Sun00] H. Sun,
On the Security of Simple Authenticated Key Agreement Algorithm,
Proceedings of Management Theory Workshop 2000, 2000.

[TC06] Qiang Tang and Kim-Kwang Raymond Choo,
Secure Password-based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks,
Applied Cryptography and Network Security: Fourth International Conference - ACNS 2006, pp. 1621-177 Lecture Notes in Computer Science, vol. 3986, Springer-Verlag, 2006.
Links: QUT ACNS

[TM05a] Qiang Tang and Chris J. Mitchell,
Enhanced password-based key establishment protocol,
Cryptology ePrint Archive: Report 2005/141, Received 10 May 2005, last revised 15 Jun 2005.
Link: ePrint

[TM05b] Qiang Tang and Chris J. Mitchell,
On the security of some password-based key agreement schemes,
Cryptology ePrint Archive: Report 2005/156, Received 26 May 2005.
Link: ePrint

[TM05c] Qiang Tang and Chris J. Mitchell,
Weaknesses in a leakage-resilient authenticated key transport protocol,
Cryptology ePrint Archive: Report 2005/173, Received 10 Jun 2005.
Link: ePrint

[TA91] J. Tardo and K. Alagappan,
SPX: Global authentication using public key certificates,
Proceedings of I.E.E.E. Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 232-244, May 1991.

[Tay01] D. Taylor,
Using SRP for TLS Authentication,
IETF draft-ietf-tls-srp-01.txt (work in progress) June 29, 2001.

[Tse00] Y.M. Tseng,
Weakness in simple authenticated key agreement protocol,
Electronics Letters, Vol. 36, No. 1, 2000, pp. 48-49.

[TS03a] Takasuke Tsuji and Akihiro Shimizu,
Comments on Improved Peyravian-Zunic's Password Authentication Schemes,
(Reference not yet translated)
Links: (1) (2)

[TS03b] T. Tsuji and A. Shimizu,
An impersonation attack on one-time password authentication protocol OSPA,
To appear in IEICE Transactions on Communications, vol. E86-B, no. 7, July 2003.

[vOW96] P. C. van Oorschot, M. J. Wiener,
On Diffie-Hellman Key Agreement with Short Exponents,
Proceedings of Eurocrypt 96, Springer-Verlag, May 1996.

[VS06] P. C. van Oorschot and S. Stubblebine,
On Countering Online Dictionary Attacks With Login Histories and Humans-in-the-Loop,
ACM Transactions on Information and System Security (TISSEC), vol. 9, Issue 3, (August 2006), pp. 235-258, 2006.
Links: ACM
Preprint of extended version of [22], March 9, 2006.
Links: Paul citeseer

[Ver07] Eric Verheul,
Selecting secure passwords,
To be presented at the RSA security conference Cryptographers’ Track, February 5-9, 2007, San Francisco.
Links: Author .ps .pdf

[VYT05] D. Q. Viet, Akihiro Yamamura and Hidema Tanaka,
Anonymous Password-Based Authenticated Key Exchange,
6th International Conference on Cryptology in India - Indocrypt 2005 (pp. 244--257), Springer-Verlag, Volume 3797 of Lecture Notes in Computer Science, 2005.
Springer IEICE Slide presentation

[WW04] Z. Wan and S. Wang,
Cryptanalysis of Two Password-Authenticated Key Exchange Protocols,
H. Wang et al. (Eds.): 9th Australasian Conference on Information Security and Privacy - ACISP 2004, LNCS 3108, pp. 164-175, Springer-Verlag, Berlin, Heidelberg, 2004.

[WKKK05]     Peng Wang, Yongdae Kim, Vishal Kher, Taekyoung Kwon,
Strengthening Password-Based Authentication Protocols Against Online Dictionary Attacks,
Applied Cryptography and Network Security - ACNS 2005, Proceedings. LNCS 3531, pp. 17-32, Springer-Verlag, 2005.
Link

[WWX04]     S. Wang, J. Wang and M Xu,
Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords,
Applied Cryptography and Network Security: Second International Conference - ACNS 2004 (pp. 414–425), Springer-Verlag, Volume 3089 of Lecture Notes in Computer Science, 2004.
Springer

[Wan01]     Y. Wang,
EC-SRP,
Submission to IEEE P1363, June 2001, updated May 2002.

[WCZ03]     Duncan S. Wong, Agnes H. Chan and Feng Zhu,
More Efficient Password Authenticated Key Exchange Based on RSA,
Progress in Cryptology - INDOCRYPT 2003, Lecture Notes in Computer Science Volume 2904, pp. 375-387, Springer, 2003.
.pdf Springer

[WCZ05]     Duncan S. Wong, Agnes H. Chan and Feng Zhu,
Password Authenticated Key Exchange for Resource-constrained Wireless Communications,
4th IEEE International Conference on Networking 2005 (ICN 2005), Lecture Notes in Computer Science, vol. 3421, pp. 827-834, Springer, 2005.
Springer Author's .pdf

[Wu98]     T. Wu,
The Secure Remote Password Protocol ,
Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, March 1998, pp. 97-111.

[Wu99] T. Wu,
A Real-World Analysis of Kerberos Password Security,
Proceedings of the 1999 Network and Distributed System Security Symposium, February 3-5, 1999.

[Wu00] T. Wu,
The SRP Authentication and Key Exchange System,
IETF RFC 2945, September 2000.

[Wu02] T. Wu,
SRP-6: Improvements and Refinements to the Secure Remote Password Protocol,
white paper, Arcot Systems, October 29, 2002.
Links: Stanford IEEE P1363

[YYH03] Chou-Chen Yang, Ting-Yi Chang and Min-Shiang Hwang,
Security of Improvement on Methods for Protecting Password Transmission,
Received June 2003 INFORMATICA, 2003, vol. 14, no. 4, pp. 551-558
Links: (1) (2)

[YSH01] Her-Tyan Yeh, Hung-Min Sun and Tzonelih Hwang,
Security Analysis of the Generalized Key Agreement and Password Authentication Protocol,
IEEE Communications Letters, vol. 5, no. 11, November 2001.

[Zha04a] Muxiang Zhang,
New Approaches to Password Authenticated Key Exchange based on RSA,
Cryptology ePrint Archive: Report 2004/033
Advances in Cryptology - Asiacrypt 2004, pp. 230–244, Springer-Verlag, Vol. 3329 of Lecture Notes in Computer Science, 2004.
Links: Citeseer ePrint ASAICRYPT 2004 3

[Zha04b] Muxiang Zhang,
Analysis of the SPEKE password-authenticated key exchange protocol,
IEEE Communications Letters, vol. 8, no. 1, pp. 63-65, January 2004, ISSN: 1089-7798.
Links: IEEE

[Zha04c] Muxiang Zhang,
Password Authenticated Key Exchange Using Quadratic Residues,
Applied Cryptography and Network Security: Second International Conference - ACNS 2004 (pp. 248–262). Springer-Verlag. (Volume 3089/2004 of Lecture Notes in Computer Science)
Links: Springer

[Zha05] Muxiang Zhang,
Breaking an Improved Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks,
IEEE Communications Letters, vol 9, issue 3, pp. 276–278, IEEE Communications Society Press, March 2005.
Links: IEEE

[ZCWY02] Feng Zhu, Agnes H. Chan, Duncan S. Wong and Robbie Ye,
RSA-based Password Authenticated Key Exchange for Imbalanced Wireless Networks,
5th Information Security Conference 2002 (ISC'02), Sao Paulo, Brazil, Sep. 30 - Oct. 2, 2002, LNCS 2433, pp. 150-161, Springer-Verlag Heidelberg, 2002, ISSN: 0302-9743.
Link to author's copy Postscript


Page last updated: December 29, 2009