Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Explicit Communication Revisited: Two New Attacks on Authentication Protocols
IEEE Transactions on Software Engineering
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Three-party encrypted key exchange: attacks and a solution
ACM SIGOPS Operating Systems Review
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Password-Authenticated Key Exchange between Clients with Different Passwords
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure key agreement protocols for three-party against guessing attacks
Journal of Systems and Software - Special issue: Software engineering education and training
Modeling insider attacks on group key-exchange protocols
Proceedings of the 12th ACM conference on Computer and communications security
A framework for password-based authenticated key exchange1
ACM Transactions on Information and System Security (TISSEC)
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
Three weaknesses in a simple three-party key exchange protocol
Information Sciences: an International Journal
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A framework for password-based authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Examining indistinguishability-based proof models for key establishment protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Errors in computational complexity proofs for protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Cryptanalysis of two user identification schemes with key distribution preserving anonymity
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Enhanced ID-Based authenticated key agreement protocols for a multiple independent PKG environment
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Cryptanalysis of two three-party encrypted key exchange protocols
Computer Standards & Interfaces
An off-line dictionary attack on a simple three-party key exchange protocol
IEEE Communications Letters
Simple password-based three-party authenticated key exchange without server public keys
Information Sciences: an International Journal
A security weakness in Abdalla et al.'s generic construction of a group key exchange protocol
Information Sciences: an International Journal
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of an efficient three-party password-based key exchange scheme
International Journal of Communication Systems
Information Sciences: an International Journal
Journal of Medical Systems
| Hi-index | 0.07 |
Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction.