基于椭圆曲线的强壮高效口令认证密钥协商方案

提出一个适合远程用户的口令认证和密钥交换协议，该协议在不信任网络中运行，无需认证表和交换密钥. 新的协议可抵抗被动或主动入侵，甚至内部攻击者的字典攻击，即使弱的口令也可以安全地使用. 协议还满足完备的前向安全性，在当前口令泄露后不影响以前会话的安全性. 在所提协议中，用户口令并不是以明文的形式储 存，因此当攻击者获取智能卡后，并不能直接登录到主机. 文中协议高效且安全，可广泛应用于需要口令认证的环境. 同以往工作相比，所提协议对分布式或便携式设备更加有效.

Robust and Efficient Password-Authenticated Key Agreement Scheme Based on Elliptic Curve Cryptosystem

The paper presents a new password authentication and key-exchange protocol suitable for remote users without verification table and exchanging keys over an untrusted network.The new protocol can resist dictionary attacks by either passive or active network intruders.Against an insider attacker,even weak password phrases can also be used safely.It also offers perfect forward secrecy,which protects past sessions and passwords against future compromises.Since the user passwords are stored in a form that is not plaintext-equivalent to the password itself,an attacker with a smart card cannot use it directly to compromise security and immediately access the host.The proposed protocol is secure,simple,and fast,making it ideal for a wide range of applications in which secure password authentication is required.Compared with the related works, the proposed scheme is more efficient and practical for distributed or portable devices.