FACTOID # 22: South Dakota has the highest employment ratio in America, but the lowest median earnings of full-time male employees.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > SPEKE (cryptography)

SPEKE (Simple Password Exponential Key Exchange) is a cryptographic method for password-authenticated key agreement. In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more partys knowledge of a password. ...

Contents


Description

The protocol consists of little more than a Diffie-Hellman key exchange where the Diffie-Hellman generator g is created from a hash of the password. Diffie-Hellman key exchange (alternatively key agreement or key negotiation) is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communications channel. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ...


Here is one simple form of SPEKE:

  1. Alice and Bob agree to use an appropriately large and randomly selected safe prime p.
  2. Alice and Bob agree on a shared password π.
  3. Alice and Bob both construct g = hash(π)2 mod p. (Squaring makes g a generator of the prime order subgroup of the multiplicative group of integers modulo p.)
  4. Alice chooses a secret random integer a, then sends Bob ga mod p.
  5. Bob chooses a secret random integer b, then sends Alice gb mod p.
  6. Alice and Bob each abort if their received values are not in the range [2,p-2], to prevent small subgroup confinement attack.
  7. Alice computes K = (gb mod p)a mod p.
  8. Bob computes K = (ga mod p)b mod p.

Both Alice and Bob will arrived at the same value for K if and only if they use the same value for π. Once Alice and Bob compute the shared secret K they can use it in a key confirmation protocol to prove to each other that they know the same password π, and to derive a shared secret encryption key for sending secure and authenticated messages to each other. Alice and Bob are conventional placeholder terms referring to common archetypal characters used in explanations in fields such as cryptography and physics. ... A safe prime is a prime number of the form 2p + 1, where p is also a prime. ... In its simplest form, multiplication is a quick way of adding identical numbers. ...


Unlike unauthenticated Diffie-Hellman, SPEKE prevents man in the middle attack by the incorporation of the password. An attacker who is able to read and modify all messages between Alice and Bob cannot learn the shared key K and cannot make more than one guess for the password in each interaction with a party that knows it. In cryptography, a man in the middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. ...


In general, SPEKE can use any prime order group that is suitable for public key cryptography, including elliptic curve cryptography. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the mathematics of elliptic curves. ...


History

SPEKE was first described by David Jablon in 1996 (1), and refined and enhanced in 1997 (2) with additional variations, including an augmented password authenticated key agreement method called B-SPEKE.


The protocol is one of the older and well-known in the relatively new field of password-authenticated key exchange, and no flaws have been published for it since 1997 (2). A paper published by MacKenzie in 2001 (3) presents a proof in the random oracle model that SPEKE is a secure PAKE protocol (using a somewhat relaxed definition) based on a variation of the Decision Diffie-Hellman assumption.


Since 1999, the protocol has been used by several companies in a variety of products, typically supplementing other cryptographic techniques.


Patents

U.S. Patent 6,226,383 describes several variations of the method.


Standards

Standards that describe SPEKE include IEEE P1363.2 and ISO/IEC Draft 11770-4.


References

  • D. Jablon. Strong Password-Only Authenticated Key Exchange. Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996 Author's link.
  • D. Jablon. Extended Password Key Exchange Protocols Immune to Dictionary Attacks. Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255. Author's link.
  • P. MacKenzie. On the Security of the SPEKE Password-Authenticated Key Exchange Protocol. Cryptology ePrint Archive: Report 2001/057.

See also

  • Password-authenticated key agreement
  • Password
  • IEEE 1363
  • Diffie-Hellman key exchange

In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more partys knowledge of a password. ... A password is a form of authentication which uses secret data to control access to a resource. ... Diffie-Hellman key exchange (alternatively key agreement or key negotiation) is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communications channel. ...

External links

  • Links for password-based cryptography

  Results from FactBites:
 
SPEKE (cryptography) - Wikipedia, the free encyclopedia (494 words)
SPEKE (Simple Password Exponential Key Exchange) is a cryptographic method for password-authenticated key agreement.
In general, SPEKE can use any prime order group that is suitable for public key cryptography, including elliptic curve cryptography.
SPEKE was first described by David Jablon in 1996 (1), and refined and enhanced in 1997 (2) with additional variations, including an augmented password-authenticated key agreement method called B-SPEKE.
Public-key cryptography - Wikipedia, the free encyclopedia (3273 words)
Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key.
For most of the history of cryptography, a key had to be kept absolutely secret and would be agreed upon beforehand using a secure, but non-cryptographic, method; for example, a face-to-face meeting or a trusted courier.
As with most cryptography, the protocols used to establish and verify this binding are critically important.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m