David Jablon's Research Papers on Password-based Cryptography

[Jab96]     D. Jablon,
Strong Password-Only Authenticated Key Exchange
Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996.
ACM copy
Author's copy: jab96.pdf

Errata: See the revised version: March 2, 1997 (formerly available at www.integritysciences.com and world.std.com/~dpj/), which discusses the "password-in-exponent" attack found for one form of [Jab96]-SPEKE, discovered by Gong, Langford, Jablon, and others. This was also discussed in [Jab97].

[Jab97]     D. Jablon,
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255.
IEEE copy
Author's copy: jab97.pdf

Errata: On page 4, the suggestion that "g=S2, and S=h(gC)" is impossible.

[Jab01]     D. Jablon,
Password Authentication Using Multiple Servers,
LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 344-360, 2001, Springer-Verlag.
Springer copy
Author's copy: jab01.pdf

(1) This paper refers to the Sep. 2001 version of [FK00], and mistakenly attributes to it a limitation of the June 2001 presentation version. The June version required a server-authenticated channel, but the Sep. version eliminated that requirement.
(2) On p. 10 and following, proofPKm should equal "h(Km || gP)", instead of "h(Km || g)".

See also my comprehensive list of Research Papers on Password-based Cryptography.

Page last updated: December 27, 2005