International Journal of Wireless and Microwave Technologies(IJWMT)

ISSN: 2076-1449 (Print), ISSN: 2076-9539 (Online)

Published By: MECS Press

IJWMT Vol.1, No.5, Oct. 2011

A Three-Party Password Authenticated Key Exchange Protocol with Key Confirmation

Full Text (PDF, 172KB), PP.16-22

Views:52   Downloads:1


Gang Yao

Index Terms

Three-party password authenticated key exchange; key confirmation; pairing; security requirements


Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which any two clients can verify the ability to use a server to establish communication. Recently, researchers have begun proposing new key exchange protocols that would not require the use of server public keys, but a human-memorable password. In this paper, we propose a new three-party password authenticated key exchange protocol with key confirmation. The security of our proposed protocol relies on the hardness of the bilinear Diffie-Hellman problem and Diffie-Hellman problem in the random oracle model, and the proposed protocol achieves the security attributes: dictionary attack resilience, known session key security, perfect forward secrecy, no key compromise impersonation, no unknown key share and no key control.

Cite This Paper

Gang Yao,"A Three-Party Password Authenticated Key Exchange Protocol with Key Confirmation", IJWMT, vol.1, no.5, pp.16-22, 2011.


[1]M. Abdalla, P. Fouque, and D. Pointcheval. "Password-Based Authenticated Key Exchange in the Three-Party Setting". International Workshop on Theory and Practice in Public Key Cryptography, LNCS 3386, Springer-Verlag, pp. 65-84, 2005. 

[2]S. Bellovin and M. Merritt. "Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks". Symposium on Security and Privacy, IEEE Computer Society, pp. 72-84, 1992.

[3]C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment. Springer-Verlag, 2003.

[4]C. Boyd, P. Montague and K. Nguyen. "Elliptic Curve Based Password Authenticated Key Exchange Protocols". Australasian Conference on Information Security and Privacy, LNCS 2119, Springer-Verlag, pp. 487-501, 2001.

[5]M. Bellare, D. Pointcheval, and P. Rogaway. "Authenticated Key Exchange Secure Against Dictionary Attacks". Advances in Cryptology − Proceedings of EUROCRYPT 2000, LNCS 1807, Springer-Verlag, pp. 139-155, 2000.

[6]Y. Chang. "A Practical Three-party Key Exchange Protocol with Round Efficiency". International Journal of Innovative Computing, vol. 4, no. 4, pp. 953-960, 2008.

[7]H. Chung and W. Ku, "Three Weaknesses in a Simple Three-Party Key Exchange Protocol". Information Science, vol. 178, no. 1, pp. 220-229, 2008.

[8]R. Gennaro. "Faster and Shorter Password-Authenticated Key Exchange". Theory of Cryptography Conference, LNCS 4948, Springer-Verlag, pp. 589-606, 2008.

[9]J. Katz, R. Ostrovsky and M. Yung. "Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords". Advances in Cryptology − Proceedings of EUROCRYPT 2001, LNCS 2045, Springer-Verlag, pp. 475-494, 2001.

[10]S. Lee, H. Kim and K. Yoo. "Efficient Verifier-based Key Agreement Protocol for Three Parties without Server's public key". Applied Mathematics and Computation, vol. 167, pp. 996-1003, 2005.

[11]C. Lin, H. Sun, and T. Hwang. "Three-Party Encrypted Key Exchange: Attacks and a Solution". ACM Operating Systems Review, vol. 34, no. 4, pp. 12-20, 2000.

[12]R. Lu, and Z. Cao. "Simple Three-Party Key Exchange Protocol". Computers & Security, vol. 26, no. 1, pp. 94-97, 2007.

[13]J. Nam, Y. Lee, S. Kim, and D. Won. "Security Weakness in a Three-party Pairing-based Protocol for Password Authenticated Key Exchange". Information Sciences, vol. 177, pp. 1364-1375, 2007.

[14]R. Phan, W Yau, and B. Goi. "Analysis of Two Pairing-based Three-party Password Authenticated Key Exchange Protocols". International Conference on Network and System Security, IEEE Computer Society, pp. 102-8106, 2009.

[15]R. Wang and K. Mo. "Security Enhancement on Efficient Verifier-based Key Agreement Protocol for Three Parties without Server's Public Key". International Mathematical, vol. 1, no. 20, pp. 965-972, 2006.

[16]H. Wen, T. Lee, and T. Hwang. "Provably Secure Threeparty Password-based Authenticated Key Exchange Protocol using Weil Pairing". IEE Proceedings − Communications, vol. 152, no. 2, pp. 138-143, 2005.