1. Field
Embodiments of the present disclosure relate to a network security technology.
2. Discussion of Related Art
A key exchange protocol based on authentication information (that is, password authenticated key exchange (PAKE)) is a process in which two or more parties participating in communication share a key for encrypted communication on the basis of a password that at least one of the parties knows. Depending on its implementation method, PAKE may be classified into PAKE based on a public key certificate and PAKE based on a non-pubic key certificate.
PAKE based on a public key certificate involves a process of always performing pubic key authentication for key exchange. In particular, PAKE based on a non-public key certificate (associated standards: IEEE P1363.2 and ISO/IEC 11770-4) has a configuration scheme with a verifier in which a password is directly exponentiated and stored and thus a migration of an existing system and an update of a parameter are difficult. Also, this scheme needs a relatively large amount of real-time calculations in order to correspond to an offline analysis, and cannot flexibly change a message flow of a protocol because a password is directly combined with a group parameter.