Cryptology ePrint Archive: Report 2004/348

A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords

Junghyun Nam, Seungjoo Kim, and Dongho Won

Abstract: Recently, Sun, Chen and Hwang [J. Syst. Software, 75 (2005), 63-68] have proposed two new three-party protocols, one for password-based authenticated key agreement and one for verifier-based authenticated key agreement. In this paper, we show that both of Sun-Chen-Hwang's protocols are insecure against an active adversary who can intercept messages, start multiple sessions of a protocol, or otherwise control the communication in the network. Also, we present a simple solution to the security problem with the protocols.

Category / Keywords: cryptographic protocols / Three-party key agreement; Password; Verifier; Active adversary

Date: received 7 Dec 2004, last revised 13 Dec 2004

Contact author: jhnam at dosan skku ac kr

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20041214:015057 (All versions of this report)

Short URL: ia.cr/2004/348

Discussion forum: Show discussion | Start new discussion