Cryptanalysis of an efficient three-party password-based key exchange scheme

Authors:
Marcos A. Simplicio, Jr.;Rony R.M. Sakuragui
Affiliations:
Escola Politécnica—University of São Paulo, São Paulo, Brazil;Escola Politécnica—University of São Paulo, São Paulo, Brazil
Venue:
International Journal of Communication Systems
Year:
2012

Citing 15
Cited 0

Key Agreement Protocols and Their Security Analysis

Proceedings of the 6th IMA International Conference on Cryptography and Coding
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Three weaknesses in a simple three-party key exchange protocol

Information Sciences: an International Journal
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Information Sciences: an International Journal
Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract)

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments

Journal of Systems and Software
An off-line dictionary attack on a simple three-party key exchange protocol

IEEE Communications Letters
Cryptanalysis of a Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography

ICRCCS '09 Proceedings of the 2009 International Conference on Research Challenges in Computer Science
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A framework for password-based authenticated key exchange

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal
Cryptanalysis of a simple three-party password-based key exchange protocol

International Journal of Communication Systems
Efficient three-party password-based key exchange scheme

International Journal of Communication Systems
Simple password-based encrypted key exchange protocols

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
New directions in cryptography

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright © 2011 John Wiley & Sons, Ltd.