1. Field
Embodiments of the present disclosure relate to a security technology on a network.
2. Discussion of Related Art
Password authenticated key exchange (PAKE) is a process in which two or more parties that participate in communication share a key for encrypted communication based only on their knowledge of a password. PAKE may be classified into public-key-certificate-based PAKE and non-public-key-certificate-based PAKE according to the implementation method.
The public-key-certificate-based PAKE always requires a procedure for performing public-key authentication for key exchange, and the non-public-key-certificate-based PAKE (associated standards: IEEE P1363.2 and ISO/IEC 11770-4) has a configuration scheme with a verifier in which a password is directly exponentiated, and stored and thus migration of an existing system and update of parameters are difficult. Also, for this scheme, since a password is directly combined with group parameters, a relatively large amount of calculation is required, and it is impossible for a message flow of a protocol to be flexible.