%0 Journal Article %J Applied Cryptography and Network Security %D 2005 %T Two-server password-only authenticated key exchange %A Katz, Jonathan %A MacKenzie,P. %A Taban,G. %A Gligor,V. %X Typical protocols for password-based authentication assume a single server which stores all the information (e.g.), the password necessary to authenticate a user. Unfortunately, an inherent limitation of this approach (assuming low-entropy passwords are used) is that the user’s password is exposed if this server is ever compromised. To address this issue, a number of schemes have been proposed in which a user’s password information is shared among multiple servers, and these servers cooperate in a threshold manner when the user wants to authenticate.We show here a two-server protocol for this task assuming public parameters available to everyone in the system (as well as the adversary). Ours is the first provably-secure two-server protocol for the important password-only setting (in which the user need remember only a password, and not the servers’ public keys), and is the first two-server protocol (in any setting) with a proof of security in the standard model. %B Applied Cryptography and Network Security %P 175 - 206 %8 2005/// %G eng %R 10.1007/11496137_1