Password-based authenticated key exchange in the three-party setting

Password-based authenticated key exchange in the three-party setting

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IEE Proceedings - Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Password-based authenticated key exchange (PAKE) consists of protocols which are designed to be secure even when the secret key used for authentication is a human-memorable password. In the article, the authors consider PAKE protocols in the 3-party scenario, in which the users trying to establish a common secret do not share a password between themselves but only with a trusted server. Towards their goal, the authors recall some of the existing security notions for PAKE protocols and introduce new ones that are more suitable to the case of generic constructions of 3-party protocols. The authors then present a natural generic construction of a 3-party PAKE protocol from any 2-party PAKE protocol and prove its security. To the best of the authors knowledge, the new protocol is the first provably secure PAKE protocol in the 3-party setting.


    1. 1)
      • Steiner, J.G., Neuman, B.C., Schiller, J.L.: `Kerberos: an authentication service for open networks', Proc. USENIX Winter Conference, 1988, Dallas, TX, p. 191–202.
    2. 2)
      • Krawczyk, H.: `SIGMA: The “SIGn-and-MAc” approach to authenticated Diffie–Hellman and its use in the IKE protocols', Proc. Advances in Cryptology — CRYPTO 2003, August 2003, Santa Barbara, CA, 2729, p. 400–425, LNCS.
    3. 3)
      • R.M. Needham , M.D. Schroeder . Using encryption for authentication in large networks of computers. Communications of the Association for Computing Machinery , 21 , 993 - 999
    4. 4)
      • NIST: Advanced encryption standard (AES)' National Institute of Standards and Technology, FIPS PUB 197, U.S. Department of Commerce, 2001.
    5. 5)
      • Bellovin, S.M., Merritt, M.: `Encrypted key exchange: password-based protocols secure against dictionary attacks', Proc. 1992 IEEE Symp. Security and Privacy, May 1992, Oakland, CA, p. 72–84.
    6. 6)
      • Boyarsky, M.K.: `Public-key cryptography and password protocols: the multi-user case', Proc. 6th Conf. Computer and Communications Security (ACM CCS 99), November 1999, Singapore, Kent Ridge Digital Labs, p. 63–72.
    7. 7)
      • Bresson, E., Chevassut, O., Pointcheval, D.: `New security results on encrypted key exchange', Proc. 7th Int. Workshop on Theory and Practice in Public Key Cryptography (PKC 2004), March 2004, Singapore, 2947, p. 145–158, LNCS.
    8. 8)
      • Gennaro, R., Lindell, Y.: `A framework for password-based authenticated key exchange', Advances in Cryptology — EUROCRYPT 2003, 4–8 May 2003, Warsaw, Poland, 2656, p. 524–543, LNCS
    9. 9)
      • Katz, J., Ostrovsky, R., Yung, M.: `Efficient password-authenticated key exchange using human-memorable passwords', Proc. Advances in Cryptology — EUROCRYPT 2001, May 2001, Innsbruck, Austria, 2045, p. 475–494, LNCS.
    10. 10)
      • MacKenzie, P.D.: ‘The PAK suite: Protocols for password-authenticated key exchange’. Contributions to IEEE P1363.2, 2002..
    11. 11)
      • Bellare, M., Rogaway, P.: `Entity authentication and key distribution', Proc. Advances in Cryptology — CRYPTO'93, August 1994, Santa Barbara, CA, USA, 773, p. 232–249, LNCS.
    12. 12)
      • Bellare, M., Rogaway, P.: `Provably secure session key distribution — the three party case', Proc. 28th Annual ACM Symp. Theory of Computing, May 1996, Philadephia, PA, p. 57–66.
    13. 13)
      • Bellare, M., Pointcheval, D., Rogaway, P.: `Authenticated key exchange secure against dictionary attacks', Proc. Advances in Cryptology — EUROCRYPT 2000, May 2000, Bruges, Belgium, 1807, p. 139–155, LNCS.
    14. 14)
      • Bellare, M., Rogaway, P.: `Random oracles are practical: a paradigm for designing efficient protocols', Proc. 1st Conf. Computer and Communications Security (ACM CCS 93), November 1993, Fairfax, VA, p. 62–73.
    15. 15)
      • W. Diffie , M.E. Hellman . New directions in cryptography. IEEE Trans. Inform. Theor. , 6 , 644 - 654
    16. 16)
      • Boyko, V., MacKenzie, P.D., Patel, S.: `Provably secure password-authenticated key exchange using Diffie–Hellman', Proc. Advances in Cryptology — EUROCRYPT 2000, May 2000, Bruges, Belgium, 1807, p. 156–171, LCNS.
    17. 17)
      • Goldreich, O., Lindell, Y.: `Session-key generation using human passwords only', Proc. Advances in Cryptology — CRYPTO 2001, August 2001, Santa Barbara, CA, 2139, p. 408–432, LNCS
    18. 18)
      • Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.-S.: `Password-authenticated key exchange between clients with different passwords', Proc. 4th Int. Conf. Information and Communication Security (ICICS 02), December 2002, Singapore, 2513, p. 134–146, LNCS.
    19. 19)
      • C.-L. Lin , H.-M. Sun , T. Hwang . Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating Systems Review , 4 , 12 - 20
    20. 20)
      • M. Steiner , G. Tsudik , M. Waidner . Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review , 3 , 22 - 30
    21. 21)
      • Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: `A concrete security treatment of symmetric encryption', Proc. 38th Annual Symp. Foundations of Computer Science, October 1997, Miami Beach, FL, p. 394–403.
    22. 22)
      • Abdalla, M., Bellare, M., Rogaway, P.: `The oracle Diffie–Hellman assumptions and an analysis of DHIES', Proc. Topics in Cryptology — CT-RSA 2001, 2001, San Francisco, CA, 2020, p. 143–158, LNCS.
    23. 23)
      • Shoup, V.: `On formal models for secure key exchange, Technical Report RZ 3120', 1999, IBM.
    24. 24)
      • M. Bellare , J. Kilian , P. Rogaway . The security of the cipher block chaining message authentication code. J. Comput. Sys. Sci. , 3 , 362 - 399
    25. 25)
      • Bellare, M., Canetti, R., Krawczyk, H.: `Keying hash functions for message authentication', Proc. Advances in Cryptology — CRYPTO'96, August 1996, Santa Barbara, CA, 1109, p. 1–15, LNCS.
    26. 26)
      • Shoup, V.: `OAEP reconsidered', Proc. Advances in Cryptology — CRYPTO 2001, August 2001, Santa Barbara, CA, 2139, p. 239–259, LNCS.
    27. 27)
      • Abdalla, M., Fouque, P.-A., Pointcheval, D.: `Password-based authenticated key exchange in the three-party setting', Proc. 8th Int. Workshop on Theory and Practice in Public Key Cryptography (PKC 2005), January 2005, Les Diablerets, Switzerland, 3386, p. 65–84, LNCS.

Related content

This is a required field
Please enter a valid email address