Authenticated Agreement

Password Authenticated Key Exchange (PAKE) is when two or more parties, solely on the basis of their knowledge of a password, establish a cryptographic key by exchanging messages, so that an unauthorized party (who controls the communication channel but does not have the password) cannot participate in the method and is, where possible, limited by password brute force rates. (The optimal case gives exactly one guess per pass exchange.) Two forms of PAKE are balanced and augmented methods. Many key exchange systems allow one party to generate the key and send that key simply to the other party – the other party has no influence on the key. Using a key-agreement protocol avoids some key distribution issues related to these systems. Today, protocols considered part of PAKE are one of the most widespread cryptographic primitives due to their necessity. The PAKE family of protocols is one of the most common cryptographic primitives, as public key distribution is required to perform high-level tasks like encryption and MAC computation. When it comes to important agreements, the parties need the information that each of them would have. As is known, the most common approach currently is the key to the temporary exchange of public keys between the parties and the subsequent sending of an encrypted and cryptographically strong key. There are many in the accuracy of these protocols and analogs that are usually based on the Diffie Hellman protocol. However, all of these reports have a common fundamental error – they confront eavesdropping and offer no authentication mechanism, let alone confirming key ownership to counter the imposition of traffic.

Thus, if the certificate containing the public key of the second party was intercepted in one way or another and replaced by an intruder, in the absence of real knowledge of the recipient`s type certificate, it was wiretapped without being discovered. Similarly, the applicability of the PAKE family of protocols can be justified by the interactivity requirements in the guessing of the attacker`s password, unlike the absolute in case of non-interactive authentication for conventional protocols based on the Diffie Hellman protocol. A large number of alternative and secure PAKE protocols have been implemented by M. Bellare, D. Pointcheval and P. Rogaway, variations and security proofs have been offered in this class more and more key password-authenticated tuning methods. The current standards for these methods are IETF RFC 2945, RFC 5054, RFC 5931, RFC 5998, RFC 6124, RFC 6617, RFC 6628 and RFC 6631, IEEE Std 1363.2-2008, ITU-T X.1035 and ISO-IEC 11770-4:2006. Password-authenticated key request is a process in which a client receives a static key in a password-based negotiation with a server that knows the data associated with the password. This type of protocol allows the user to obtain the necessary data from the server after authenticated by password. It is important that even after N-1 of all N servers has been compromised, none of the N-1 servers can hide either client server or N server.

This makes these schemes useful when a variation of the threshold signature or other threshold algorithm needs to be implemented. The exponential exchange of keys in itself does not provide for prior agreement or subsequent authentication between participants. So it has been described as an anonymous key memorandum of understanding….

About the author: admin