Some network security protocols require the entities that establish a communication to transmit certain critical parameters. For example, the password-based key exchange authentication protocol, which improves on Diffie-Hellman key exchange, requires the communicating entities to transmit such parameters.
The purpose of Diffie-Hellman key exchange is to allow two users to securely agree on a key for encrypting subsequent messages. Its security depends on the difficulty of computing discrete logarithms in finite fields. The algorithm provides perfect forward secrecy, but is vulnerable to man-in-the-middle attacks.
The password-based key exchange authentication protocol is designed to mitigate man-in-the-middle attacks on Diffie-Hellman key exchange. It relies on a weak (low-entropy) shared secret that is kept hidden, and provides an explicit mechanism for mutual authentication. Therefore, this authentication protocol can prevent offline dictionary attacks and man-in-the-middle attacks.
The password-based key exchange authentication protocol has two communication entities A and B. Entities A and B share a secret password PW and public Diffie-Hellman parameters p and g. These parameters meet the following conditions: p is a secure prime number, making it difficult to compute discrete logarithms; the integer g is a primitive root of p, that is, its order in $\mathbb{Z}_p^*$ is $p-1$, so that $g^{p-1} = 1 \bmod p$.
FIG. 1 shows the process of key exchange as specified by the password-based key exchange authentication protocol in the prior art. The process includes the following steps:
Step 101: Communication entity A selects a random number $R_A$ and computes the transmission parameter $X = H_1(A_A \mid B_B \mid PW) \cdot (g^{R_A} \bmod p)$, then sends transmission parameter X to communication entity B.
$A_A$ and $B_B$ belong to communication entities A and B respectively and are parameters known to both entities, such as the addresses of entities A and B.
| is a concatenation symbol. For example, a|b indicates the concatenation of bit strings a and b.
mod is the modulo operator. For example, a mod b indicates the smallest non-negative remainder after positive integer a is divided by positive integer b.
$H_i(u)$ denotes a hash function: a function that compresses a bit string u of any length into a message digest of fixed length. i is 1, 2, 3 or any other natural number; different subscripts i denote different, mutually independent random functions.
Step 102: Upon receipt of transmission parameter X from communication entity A, communication entity B checks whether X is 0. If yes, communication entity B terminates the process; otherwise communication entity B executes step 103.
Step 103: Communication entity B computes
$$\frac{X}{H_1(A_A \mid B_B \mid PW)}$$
to obtain $g^{R_A} \bmod p$, and selects a random number $R_B$ to compute transmission parameter Y and identity authentication parameter $S_1$. Finally communication entity B sends Y and $S_1$ to communication entity A. The formulas below are used to compute transmission parameter Y and identity authentication parameter $S_1$:
$$Y = H_2(A_A \mid B_B \mid PW) \cdot (g^{R_B} \bmod p)$$
$$S_1 = H_3\left(A_A \mid B_B \mid PW \mid \frac{X}{H_1(A_A \mid B_B \mid PW)} \mid g^{R_B} \bmod p \mid \left\{\left[\frac{X}{H_1(A_A \mid B_B \mid PW)}\right]^{R_B} \bmod p\right\}\right) = H_3\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid g^{R_B} \bmod p \mid \left\{\left[g^{R_A}\right]^{R_B} \bmod p\right\}\right)$$
Step 104: Upon receipt of transmission parameter Y from communication entity B, communication entity A checks whether Y is 0. If yes, communication entity A terminates the process; otherwise communication entity A executes step 105.
Step 105: Communication entity A checks whether identity authentication parameter S1 sent from communication entity B is valid. If yes, communication entity A executes step 106; otherwise communication entity A terminates the process.
Communication entity A checks identity authentication parameter $S_1$ by using the following method: compute
$$\frac{Y}{H_2(A_A \mid B_B \mid PW)}$$
to obtain $g^{R_B} \bmod p$, and then check whether $S_1$ is equal to the computation result of formula (1). If yes, $S_1$ is valid; otherwise $S_1$ is invalid. The following shows formula (1):
$$H_3\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid \frac{Y}{H_2(A_A \mid B_B \mid PW)} \mid \left\{\left[\frac{Y}{H_2(A_A \mid B_B \mid PW)}\right]^{R_A} \bmod p\right\}\right) = H_3\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid g^{R_B} \bmod p \mid \left\{\left[g^{R_B}\right]^{R_A} \bmod p\right\}\right) \qquad (1)$$
Step 106: Communication entity A computes shared key K and identity authentication parameter $S_2$ and sends $S_2$ to communication entity B. The formulas below are used to compute shared key K and identity authentication parameter $S_2$:
$$K = H_5\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid \frac{Y}{H_2(A_A \mid B_B \mid PW)} \mid \left\{\left[\frac{Y}{H_2(A_A \mid B_B \mid PW)}\right]^{R_A} \bmod p\right\}\right) = H_5\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid g^{R_B} \bmod p \mid \left\{\left[g^{R_B}\right]^{R_A} \bmod p\right\}\right)$$
$$S_2 = H_4\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid \frac{Y}{H_2(A_A \mid B_B \mid PW)} \mid \left\{\left[\frac{Y}{H_2(A_A \mid B_B \mid PW)}\right]^{R_A} \bmod p\right\}\right) = H_4\left(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid g^{R_B} \bmod p \mid \left\{\left[g^{R_B}\right]^{R_A} \bmod p\right\}\right)$$
Step 107: Communication entity B checks whether identity authentication parameter S2 sent from communication entity A is valid. If yes, communication entity B executes step 108; otherwise communication entity B terminates the process.
Communication entity B checks identity authentication parameter $S_2$ by using the following method: obtain $g^{R_B} \bmod p$ according to step 103, and then check whether $S_2$ is equal to the computation result of formula (2). If yes, $S_2$ is valid; otherwise $S_2$ is invalid. The following shows formula (2):
$$H_4\left(A_A \mid B_B \mid PW \mid \frac{X}{H_1(A_A \mid B_B \mid PW)} \mid g^{R_B} \bmod p \mid \left\{\left[\frac{X}{H_1(A_A \mid B_B \mid PW)}\right]^{R_B} \bmod p\right\}\right) = H_4\bigl(A_A \mid B_B \mid PW \mid g^{R_A} \bmod p \mid$$
                                            ⁢                        p                                                                                    ⁢                                          g                                              R                        B                                                              ⁢                    mod                    ⁢                                                                                  ⁢                    p                                                                                                                                        {                                                                                            [                                                                                    g                                                              R                                A                                                                                      ⁢                            mod                            ⁢                                                                                                                  ⁢                            p                                                    ]                                                                          R                          B                                                                    ⁢                      mod                      ⁢                                                                                          ⁢                      p                                        }                                                                        )                                              (        2        )            
Step 108: Communication entity B computes shared key K. The formula below is used to compute K:
K = H_5\big(A_A \,|\, B_B \,|\, PW \,|\, \tfrac{X}{H_1(A_A|B_B|PW)} \,|\, g^{R_B} \bmod p \,|\, \{[\tfrac{X}{H_1(A_A|B_B|PW)}]^{R_B} \bmod p\}\big) = H_5\big(A_A \,|\, B_B \,|\, PW \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, \{[g^{R_B}]^{R_A} \bmod p\}\big)
Now communication entities A and B have authenticated the identity of each other and obtained the shared key K. That is, the exchange of shared key K is complete between communication entities A and B.
In the above steps, R_A and R_B are the discrete logarithms, to the base g modulo p, of g^{R_A} mod p and g^{R_B} mod p, and it is difficult to compute R_A and R_B from g^{R_A} mod p and g^{R_B} mod p. In this case, R_A and R_B are the private keys of communication entities A and B, and X and Y are the public keys of communication entities A and B. S1 and S2 are the parameters with which communication entities A and B authenticate each other's identity.
Although the security of the password-based key exchange authentication protocol can be proved in the random oracle model and the ideal cipher model, transmission parameters X and Y are required in the authentication process, and each of X and Y is the product of two large integers. Hence, transmitting these parameters consumes a large amount of bandwidth. By analogy, in other situations in which parameters must be transmitted, a large parameter value may likewise consume a large amount of transmission bandwidth.
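The following Python program is an added illustration of the prior-art exchange described above, not code from the patent: A forms X as the integer product H1(AA|BB|PW)·(g^RA mod p), B divides the password-derived factor out again, both sides evaluate H4 (equation (2)) and H5 (step 108) on the same field list, and the last return value shows why X is large on the wire. Assumptions labelled in the comments: H1..H5 are modelled as SHA-256 with a domain tag, Y = g^RB mod p is sent unblinded, S2 is sent by A and checked by B, and the S1/H3 step is omitted.

```python
import hashlib
import secrets

# Constructed toy group: p = 23 is a safe prime (23 = 2*11 + 1) and g = 5 is a
# primitive root mod 23. A real deployment uses a large prime; the small values
# keep the arithmetic readable without changing the structure of the exchange.
P, G = 23, 5

def H(tag, *fields):
    """H1..H5 are modelled here as SHA-256 over a one-byte domain tag (assumption)."""
    data = bytes([tag]) + b"|".join(str(f).encode() for f in fields)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def a_send_x(aa, bb, pw, r_a):
    """Step 101: X = H1(AA|BB|PW) * (g^RA mod p), an integer product that is not reduced mod p."""
    return H(1, aa, bb, pw) * pow(G, r_a, P)

def b_recover_g_ra(aa, bb, pw, x):
    """B strips the password-derived factor: X / H1(AA|BB|PW) = g^RA mod p (exact division)."""
    h1 = H(1, aa, bb, pw)
    if x % h1:
        raise ValueError("X not divisible by H1: password mismatch or corrupted X")
    return x // h1

def a_auth_and_key(aa, bb, pw, r_a, y):
    """A's side: Y = g^RB mod p is assumed to arrive unblinded; returns (S2 = H4(...), K = H5(...))."""
    g_ra, sigma = pow(G, r_a, P), pow(y, r_a, P)
    return (H(4, aa, bb, pw, g_ra, y, sigma), H(5, aa, bb, pw, g_ra, y, sigma))

def b_verify_and_key(aa, bb, pw, r_b, x, s2):
    """Equation (2) and step 108 on B's side, with X/H1 standing in for g^RA mod p."""
    g_ra, y = b_recover_g_ra(aa, bb, pw, x), pow(G, r_b, P)
    sigma = pow(g_ra, r_b, P)          # [X/H1]^RB mod p = g^(RA*RB) mod p
    if H(4, aa, bb, pw, g_ra, y, sigma) != s2:
        raise ValueError("S2 mismatch: peer does not hold PW")
    return H(5, aa, bb, pw, g_ra, y, sigma)

def run_exchange(aa="A", bb="B", pw="correct horse", r_a=None, r_b=None):
    """Drive both sides (message order assumed: X, then Y, then S2); returns (K_A, K_B, bits of X)."""
    r_a = r_a or secrets.randbelow(P - 2) + 1
    r_b = r_b or secrets.randbelow(P - 2) + 1
    x = a_send_x(aa, bb, pw, r_a)
    y = pow(G, r_b, P)                 # B's public value, assumed sent in the clear
    s2, k_a = a_auth_and_key(aa, bb, pw, r_a, y)
    k_b = b_verify_and_key(aa, bb, pw, r_b, x, s2)
    return k_a, k_b, x.bit_length()
```

With the 5-bit toy prime, X still carries the full width of H1 plus the width of g^RA mod p, which is the bandwidth cost the text describes.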