PRNG-based Password Authenticated Key Exchange Protocol

Password authentication is one kind of identification, and key exchange is forgenerating secure temporally session key. Recently, there are some new situations inthe field: abused hash function and cipher causing new security problem; theappearance of reset attack. To solve these problems, this thesis proposed a new kind ofpassword authenticated key exchange protocol which is based on pseudo randomnumber generator (PRNG).First, we analyzed frequent appeared attacks and pointed out that some protocolsraised in these years, such as C2C-PAKE[16], have the vulnerability caused by themisuse of encryption and hash functions.And then, RRC security model is shown, which contains almost the currentattacks. By simulating all the attacks, the semantic security of password is also given.Moreover, we give a PRNG-based password authenticated key exchangeprotocol (RPAKE). Then show that our protocol is secure under the RRC model. Alsoperformance and security characters are compared with other protocols. At last, amore concrete implantation of RPAKE is give too.