
Encrypted Key Exchange (also known as EKE) is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt. Although several of the forms of EKE in this paper were later found to be flawed, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof or other functions.

In the most general form of EKE, at least one party encrypts an ephemeral (one-time) public key using a password, and sends it to a second party, who decrypts it and uses it to negotiate a shared key with the first party.

A second paper describes Augmented-EKE, and introduces the concept of augmented password-authenticated key agreement for client/server scenarios. Augmented methods have the added goal of ensuring that password verification data stolen from a server cannot be used by an attacker to masquerade as the client, unless the attacker first determines the password (e.g. by performing a brute force attack on the stolen data).

A version of EKE based on Diffie–Hellman, known as DH-EKE, has survived attack and has led to improved variations, such as the PAK family of methods in IEEE P1363.2.

Since the US patent on EKE expired in late 2011, an EAP authentication method using EKE was published as an IETF RFC. The EAP method uses the Diffie–Hellman variant of EKE.
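The general form described above, as an added sketch that is not taken from the original article or from the Bellovin and Merritt papers: each side sends its ephemeral Diffie-Hellman public key only in password-encrypted form, and only matching passwords yield matching session keys. The modulus, generator, PBKDF2 settings, and the multiplicative mask used here in place of a symmetric cipher are assumptions chosen so the block runs on the standard library alone; they are not vetted parameters.

```python
import hashlib, hmac, secrets

# Constructed toy parameters (assumption): the Mersenne prime 2^521 - 1 keeps
# the block short. It is not a vetted Diffie-Hellman group.
P = 2**521 - 1
G = 3

def pw_mask(password: str) -> int:
    """Stretch the password into a non-zero element mod P (the 'key')."""
    raw = hashlib.pbkdf2_hmac("sha512", password.encode(), b"eke-demo", 10_000, 66)
    return int.from_bytes(raw, "big") % (P - 1) + 1

def encrypt(pub: int, password: str) -> int:
    # Stand-in for E_pw(pub): multiply by the password-derived mask mod P.
    return pub * pw_mask(password) % P

def decrypt(blob: int, password: str) -> int:
    return blob * pow(pw_mask(password), -1, P) % P

class Party:
    def __init__(self, password: str):
        self.password = password
        self.x = secrets.randbelow(P - 3) + 2   # ephemeral private exponent

    def message(self) -> int:
        """Ephemeral public key, sent only in password-encrypted form."""
        return encrypt(pow(G, self.x, P), self.password)

    def session_key(self, peer_blob: int) -> bytes:
        peer_pub = decrypt(peer_blob, self.password)
        shared = pow(peer_pub, self.x, P)
        return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def confirm(key: bytes, label: bytes) -> bytes:
    """Key-confirmation tag: shows knowledge of the key without sending it."""
    return hmac.new(key, label, hashlib.sha256).digest()

def run(pw_a: str, pw_b: str) -> bool:
    a, b = Party(pw_a), Party(pw_b)
    msg_a, msg_b = a.message(), b.message()     # the only values on the wire
    k_a, k_b = a.session_key(msg_b), b.session_key(msg_a)
    return hmac.compare_digest(confirm(k_a, b"A->B"), confirm(k_b, b"A->B"))

if __name__ == "__main__":
    print(run("correct horse", "correct horse"))
    print(run("correct horse", "correct h0rse"))
```

With a mismatched password each side unmasks a different group element, so the derived keys diverge and the confirmation tags do not match.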


Patents

, owned by Lucent, describes the initial EKE method. It expired in October 2011.
, owned by Lucent, describes the augmented EKE method. It expired in August 2013.


See also

* Password-authenticated key agreement

