Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Cryptanalysis of tripartite and multi-party authenticated key agreement protocols
Information Sciences: an International Journal
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Information Sciences: an International Journal
The importance of proofs of security for key establishment protocols
Computer Communications
Simple authenticated key agreement and protected password change protocol
Computers & Mathematics with Applications
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
Highly Efficient Password-Based Three-Party Key Exchange in Random Oracle Model
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Cryptanalysis of two three-party encrypted key exchange protocols
Computer Standards & Interfaces
An off-line dictionary attack on a simple three-party key exchange protocol
IEEE Communications Letters
Simple password-based three-party authenticated key exchange without server public keys
Information Sciences: an International Journal
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
An novel three-party authenticated key exchange protocol using one-time key
Journal of Network and Computer Applications
Cryptanalysis of an efficient three-party password-based key exchange scheme
International Journal of Communication Systems
A new proxy signature scheme for a specified group of verifiers
Information Sciences: an International Journal
Provably secure three party encrypted key exchange scheme with explicit authentication
Information Sciences: an International Journal
In 2005, Wen et al. proposed a three-party password-based authenticated key exchange protocol using Weil pairing and showed that their protocol is provably secure. Unfortunately, Nam et al. demonstrated that Wen et al.'s protocol cannot resist a man-in-the-middle attack, and then interpreted their attack in the context of the formal proof model. Recently, Lu and Cao proposed a simple three-party password-based authenticated key exchange (S-3PAKE) protocol based on the CCDH assumption. They claimed that their protocol is superior to similar protocols with respect to security and efficiency. However, we find that the S-3PAKE protocol is still vulnerable to an impersonation-of-initiator attack, an impersonation-of-responder attack, and a man-in-the-middle attack. In this paper, we first briefly review the S-3PAKE protocol, and then demonstrate its weaknesses by using traditional informal description and formal description, respectively. To enhance the security of the S-3PAKE protocol, we suggest a countermeasure against our impersonation-of-initiator attack, impersonation-of-responder attack, and man-in-the-middle attack.