Summary: An extended abstract of this work appears in S. Vaudenay, editor, Public Key Cryptography PKC 2005,
Lectures Notes in Computer Science Vol. 3386, pages 4764, Les Diablerets, Switzerland, Jan. 2326, 2005.
Springer-Verlag, Berlin, Germany.
One-time Verifier-based Encrypted Key Exchange
Michel Abdalla1, Olivier Chevassut2, and David Pointcheval1
D´ept d'informatique, ´Ecole normale sup´erieure, 75230 Paris Cedex 05, France
Lawrence Berkeley National Laboratory, Berkeley, CA 94720, USA,
Abstract. "Grid" technology enables complex interactions among computational and data re-
sources; however, to be deployed in production computing environments "Grid" needs to imple-
ment additional security mechanisms. Recent compromises of user and server machines at Grid
sites have resulted in a need for secure password-authentication key-exchange technologies. AuthA
is an example of such a technology considered for standardization by the IEEE P1363.2 working
group. Unfortunately in its current form AuthA does not achieve the notion of forward-secrecy in
a provably-secure way nor does it allow a Grid user to log into his account using an un-trusted
computer. This paper addresses this void by first proving that AuthA indeed achieves this goal, and
then by modifying it in such a way that it is secure against attacks using captured user passwords