Skip to Main Content
The cross-domain client-to-client password-authenticated key exchange (C2C-PAKE) protocols allow two client entities from different domains to establish a shared common session key based on their passwords. Most existing schemes make an improvement based on the prototype of the C2C-PAKE protocol proposed by Byun2007. Recently, Feng et al and Liu et al respectively proposed an efficient C2C-PAKE protocol which was based on the public key mechanism. In this paper, by cryptanalysis on these schemes, we find that the above protocols are easy to suffer from some unknown key share attacks, and furthermore, we search out the reasons that cause these situations happened and give some suggestions to improve these situations.