• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Practical Password-Authenticated Three-Party Key Exchange


Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the client-server applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.


Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]
Jeong Ok Kwon, Ik Rae Jeong and Dong Hoon Lee, "Practical Password-Authenticated Three-Party Key Exchange," KSII Transactions on Internet and Information Systems, vol. 2, no. 6, pp. 312-332, 2008. DOI: 10.3837/tiis.2008.06.003

[ACM Style]
Kwon, J. O., Jeong, I. R., and Lee, D. H. 2008. Practical Password-Authenticated Three-Party Key Exchange. KSII Transactions on Internet and Information Systems, 2, 6, (2008), 312-332. DOI: 10.3837/tiis.2008.06.003