Skip to Main Content
The password-based authenticated key exchange (PAKE) protocol in the three-party setting allows two clients communicating over a public network to establish a common session key with the help of a server. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. In this paper, we propose a new provably verifier-based three-party PAKE protocol to solve the server compromise problem and off-line dictionary attack problem. The security of the proposed scheme has been proven in the random oracle model under the gap Diffie-Hellman intractability assumption. The proposed protocol is efficient both in computational cost and in communication cost when compared with previous solutions.
Date of Conference: 20-22 Dec. 2008