Publications on Proofs of Human Knowledge
This page lists papers and books on the topic of proofs of human knowledge. These cryptographic methods are also known as key amplifiers or strong password authentication.
If you can't find what you're looking for here, or if you know of a relevant paper we haven't listed, we'd be glad to hear about it.
[Pat97]
Number Theoretic Attacks On Secure Password Schemes
Sarvar Patel of Bellcore analyses EKE and Secret Public-Key methods, and describes attacks on the RSA-variants. He also shows constraints needed for securing DH-EKE, independently confirming some results of [Jab96].
[Wu97]
The Secure Remote Password Protocol
Tom Wu describes SRP. This is a variation of password-authenticated Diffie-Hellman. Some early versions of SRP posted to sci.crypt were attacked and broken. The best survivor, SRP-3, is functionally equivalent to Augmented-EKE (or B-EKE), and allows an interesting tradeoff between performance improvement and security.
[And94] | R. J. Anderson and T. M. A. Lomas, Fortifying Key Negotiation Schemes with Poorly Chosen Passwords, Electronics Letters, v. 30, n. 13, June 23, 1994, pp. 1040-1041. |
[BM91] | S. M. Bellovin and M. Merritt, Limitations of the Kerberos Authentication System, Winter '91 USENIX Conference Proceedings, USENIX Association, 1991. |
[BM92] | S. M. Bellovin and M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, Proceedings of the I.E.E.E. Symposium on Research in Security and Privacy, Oakland, May 1992. |
[BM93] | S. M. Bellovin and M. Merritt, An Attack on the Interlock Protocol When Used for Authentication, I.E.E.E. Transactions on Information Theory, v. 40, n. 1, January 1994, pp. 273-275. |
[BM94] | S. M. Bellovin and M. Merritt, Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise, AT&T Bell Laboratories (c. 1994). |
[DH79] | W. Diffie and M. E. Hellman, Privacy and Authentication: An Introduction to Cryptography, Proceedings of the I.E.E.E., vol. 67, No. 3, pp. 397-427 (Mar. 1979) |
[DvOW92] | W. Diffie, P.C. van Oorschot, and M. Wiener, Authentication and Authenticated Key Exchanges, Designs Codes and Cryptography, 2, 107-125, (1992) |
[Ell96] | C. Ellison, Establishing Identity Without Certification Authorities, Proceedings of the Sixth Annual USENIX Security Symposium, San Jose, July 1996, pp. 67-76. |
[FNW95] | Ronald Fagin, Moni Naor and Peter Winkler, Comparing Information Without Leaking It, Postscript paper at http://www.wisdom.weizmann.ac.il/~naor/compare.html, September 19, 1995. |
[GLNS93] | L. Gong, M. Lomas, R. Needham, & J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, I.E.E.E. Journal on Selected Areas in Communications, Vol. 11, No. 5, June 1993, pp. 648-656. |
[Gon95] | L. Gong, Optimal Authentication Protocols Resistant to Password Guessing Attacks, Proceedings of the 8th IEEE Computer Security Foundations Workshop, County Kerry, Ireland, June 1995, pp. 24-29. |
[Jab96] | D. Jablon, Strong Password-Only Authenticated Key Exchange, Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996. |
[Jab97] | D. Jablon, Extended Password Key Exchange Protocols Immune to Dictionary Attacks, Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255. |
[Jas96] | B. Jaspan, Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks, Proceedings of the Sixth Annual USENIX Security Conference, July 1996, pp. 43-50. |
[KPS95] | C. Kaufman, R. Perlman, M. Speciner, Network Security: Private Communication in a Public World, Prentice-Hall, 1995. |
[Luc97] | S. Lucks, Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys, The Security Protocol Workshop '97, Ecole Normale Superieure, April 7-9, 1997. |
[McC90] | K. McCurley, The Discrete Logarithm Problem, Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, vol. 42, 1990, pp. 49-74. |
[MOV96] | A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. |
[NIST94] | National Institute of Standards and Technology, Digital Signature Standard, NIST FIPS PUB 186, U.S. Department of Commerce, May 1994. |
[Pat97] | S. Patel, Number Theoretic Attacks On Secure Password Schemes, 1997 IEEE Symposium on Security and Privacy, Oakland, California, May 5-7, 1997. |
[PH78] | Pohlig & Hellman, An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance, I.E.E.E. Transactions on Information Theory, pp. 106-110, January 1978. |
[Sch96] | B. Schneier, Applied Cryptography Second Edition, John Wiley & Sons, 1996. |
[STW95] | M. Steiner, G. Tsudik, and M. Waidner, Refinement and Extension of Encrypted Key Exchange, Operating Systems Review, vol. 29, Iss. 3, pp. 22-30 (July 1995). |
[TA91] | J. Tardo & K. Alagappan, SPX: Global authentication using public key certificates, Proceedings of I.E.E.E. Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 232-244, May 1991. |
[vOW96] | P. C. van Oorschot, M. J. Wiener, On Diffie-Hellman Key Agreement with Short Exponents, Proceedings of Eurocrypt ’96, Springer-Verlag, May 1996. |
[Wu97] | T. Wu, The Secure Remote Password Protocol, Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, March 1998, pp. 97-111. |