A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

<table class="fixed-width table-group" id="tab2"><tr><td><table class="table"><colgroup><col style="width:4.06em"/><col style="width:24.69em"/></colgroup><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M39" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M384 0V27C293 34 287 42 287 114V635C232 613 172 594 109 583V559L157 557C201 555 205 550 205 499V114C205 42 199 34 109 27V0H384Z" id="g113-50"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left"><svg height="9.09021pt" id="M40" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> can intercept, modify, delete, and resend the messages between the users and the servers over the open channel.</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M41" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z" id="g113-51"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left"><svg height="9.09021pt" id="M42" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> can enumerate all the items in the password space and identity space simultaneously.</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M43" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M285 378C315 398 338 416 353 432C373 451 384 474 384 503C384 579 325 635 236 635H235C182 635 136 610 108 579L65 516L85 496C110 533 150 575 205 575C258 575 300 543 300 481C300 407 232 369 141 339L147 310C163 315 188 321 211 321C268 321 338 284 338 192C338 94 288 40 217 40C160 40 119 68 93 91C85 98 77 97 69 91C60 84 47 71 46 58C44 46 48 35 62 22C75 10 116 -12 162 -12C234 -12 424 62 424 224C424 297 373 359 285 376V378Z" id="g113-52"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left">When cryptanalyzing a scheme, <svg height="9.09021pt" id="M44" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> can know the identity of <span class="nowrap"><svg height="11.927pt" id="M45" style="vertical-align:-3.291101pt" version="1.1" viewbox="-0.0498162 -8.6359 11.7936 11.927" width="11.7936pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M715 650H476L470 622C550 619 562 610 562 570C562 536 553 481 535 384L523 321C485 121 408 37 283 37C178 37 99 109 134 297L178 532C193 612 199 616 278 622L284 650H29L23 622C105 616 109 609 94 532L48 291C23 160 51 83 98 40C143 -1 202 -16 260 -16C321 -16 387 3 439 49C509 111 542 204 563 312L577 384C595 479 608 533 619 569C629 603 637 620 709 622L715 650Z" id="g113-86"></path></g><g transform="matrix(.0091,0,0,-0.0091,8.606,3.132)"><path d="M250 606C250 634 233 656 203 656C168 656 146 618 146 593C146 564 169 545 192 545C227 545 250 573 250 606ZM227 95L212 119C187 98 152 71 135 71C129 71 128 78 134 102L207 373C219 418 217 451 194 451C165 451 92 411 30 351L44 326C77 353 106 371 114 371C124 371 121 357 117 341L55 97C32 5 46 -12 70 -12C108 -12 191 51 227 95Z" id="g50-106"></path></g></svg>.</span></td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M46" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M456 178V225H360V632H320C217 496 115 347 20 206V178H280V106C280 40 276 34 189 27V0H445V27C364 34 360 39 360 106V178H456ZM280 225H82C149 335 214 431 278 520H280V225Z" id="g113-53"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left"><svg height="9.09021pt" id="M47" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> knows the identity of <span class="nowrap"><svg height="14.1649pt" id="M48" style="vertical-align:-5.529pt" version="1.1" viewbox="-0.0498162 -8.6359 10.6192 14.1649" width="10.6192pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M449 634C442 637 425 643 405 650C376 660 341 666 307 666C181 666 98 590 98 485C98 400 170 343 215 310L246 288C307 243 343 204 343 147C343 67 291 18 219 18C104 18 61 124 51 202L23 199C28 124 27 71 27 47C47 22 122 -16 204 -16C324 -16 428 60 428 174C428 256 379 309 307 360L276 382C223 419 179 455 179 516C179 576 221 632 293 632C379 632 410 564 418 487L448 490C446 536 446 592 449 634Z" id="g113-84"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.071,3.132)"><path d="M400 606C400 634 383 656 353 656C316 656 294 620 294 593C294 564 317 545 343 545C375 545 400 573 400 606ZM366 351C379 413 381 451 356 451C323 451 251 408 183 341L199 313C223 335 267 365 277 365C285 365 284 354 277 312C245 132 222 27 193 -100C182 -148 160 -188 131 -188C113 -188 90 -178 75 -170C64 -164 55 -168 48 -175C38 -185 24 -203 24 -222S48 -257 71 -257C89 -257 131 -241 186 -192C243 -141 286 -46 310 74L366 351Z" id="g50-107"></path></g></svg>.</span></td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M49" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M153 550H386L412 615L406 623H120L82 318C104 327 142 338 184 338C294 338 347 275 347 187C347 112 305 39 221 39C160 39 119 71 97 89C88 97 80 96 71 90C59 80 50 67 49 57C48 45 52 36 66 23C80 9 123 -12 169 -12C221 -11 288 15 342 59C403 109 431 165 431 225C431 308 366 395 238 395C212 395 165 379 127 364L153 550Z" id="g113-54"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left"><svg height="9.09021pt" id="M50" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> can learn the password of <svg height="11.927pt" id="M51" style="vertical-align:-3.291101pt" version="1.1" viewbox="-0.0498162 -8.6359 11.7936 11.927" width="11.7936pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M715 650H476L470 622C550 619 562 610 562 570C562 536 553 481 535 384L523 321C485 121 408 37 283 37C178 37 99 109 134 297L178 532C193 612 199 616 278 622L284 650H29L23 622C105 616 109 609 94 532L48 291C23 160 51 83 98 40C143 -1 202 -16 260 -16C321 -16 387 3 439 49C509 111 542 204 563 312L577 384C595 479 608 533 619 569C629 603 637 620 709 622L715 650Z" id="g113-86"></path></g><g transform="matrix(.0091,0,0,-0.0091,8.606,3.132)"><path d="M250 606C250 634 233 656 203 656C168 656 146 618 146 593C146 564 169 545 192 545C227 545 250 573 250 606ZM227 95L212 119C187 98 152 71 135 71C129 71 128 78 134 102L207 373C219 418 217 451 194 451C165 451 92 411 30 351L44 326C77 353 106 371 114 371C124 371 121 357 117 341L55 97C32 5 46 -12 70 -12C108 -12 191 51 227 95Z" id="g50-106"></path></g></svg> by a malicious card reader, or extract the parameters from the smart, but cannot achieve both.</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left"> <svg height="11.5564pt" id="M52" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3928 11.5564" width="15.3928pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z" id="g113-41"></path></g><g transform="matrix(.013,0,0,-0.013,4.498,0)"><path d="M137 343C167 482 260 545 321 574C357 591 397 603 429 609L423 641C382 634 335 622 295 608C189 570 37 457 37 238C37 84 125 -12 242 -12C362 -12 447 89 447 209C447 311 374 393 267 393C247 393 226 386 204 376L137 343ZM227 337C318 337 361 256 361 173C361 105 336 22 258 22C176 22 126 120 126 240C126 266 127 291 132 310C155 323 189 337 227 337Z" id="g113-55"></path></g><g transform="matrix(.013,0,0,-0.013,10.738,0)"><path d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z" id="g113-42"></path></g></svg></td><td class="align_left">When evaluating forward secrecy, <svg height="9.09021pt" id="M53" style="vertical-align:-0.2455397pt" version="1.1" viewbox="-0.0498162 -8.84467 11.2563 9.09021" width="11.2563pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M837 672C829 675 822 674 813 674C710 674 608 541 510 398C475 447 422 480 349 480C260 480 162 415 162 299C162 199 212 133 284 92C229 39 191 15 134 15C91 15 69 45 69 65H71C78 54 95 53 100 53C128 53 143 80 143 101C143 128 121 149 93 149C60 149 31 121 31 77C31 24 74 -15 138 -15C198 -15 255 22 311 79C360 56 416 43 473 39L455 0H552L569 42C612 49 661 63 693 87L684 103C657 88 617 76 581 69C677 301 753 477 846 658L837 672ZM772 638C701 530 628 379 559 227C558 279 547 330 526 371C609 494 688 609 771 638H772ZM536 199C536 191 536 184 535 176L486 67C430 71 380 84 335 105C395 173 451 257 507 344C527 301 536 251 536 199ZM492 372C431 277 369 183 310 119C245 158 203 217 203 301S275 447 349 447C416 447 461 417 492 372Z" id="g198-2"></path></g></svg> knows the long term secret key of the register center.</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The capacities of the adversary.</div>

Security and Communication Networks

tab2

Table 2

Table 2: A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment 