A Provably Secure Three-Party Password Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems

Abstract

Three-party password authenticated key exchange (3PAKE) protocols allow two clients to establish a common secure session key via the help of an authentication server, in which each client only needs to share a single password with the server. Many researchers pay attention to 3PAKE protocols since they are well suited for large-scale communication in mobile environments. Recently, Farash et al. proposed an enhanced 3PAKE protocol without using server's public-keys and symmetric cryptosystems. They claimed that their protocol is secure against various attacks. However, we found that Farash et al.'s protocol is vulnerable to partition attacks and off-line dictionary attacks. Moreover, their protocol needs 5 rounds to work, so it is inefficient in terms of communication. To overcome these shortcomings, we improve their protocol and propose a provably secure 3PAKE protocol, which is more efficient and secure than other related protocols.

DOI: http://dx.doi.org/10.5755/j01.itc.44.2.8197