Cryptology ePrint Archive: Report 2012/021

Security Analysis of J-PAKE

Mohsen Toorani

Abstract: J-PAKE is a balanced Password-Authenticated Key Exchange (PAKE) protocol, proposed in 2008 and presented again in 2010 and 2011. One of its distinguishing features is that it does not require Public Key Infrastructure (PKI). Instead, it deploys Zero-Knowledge (ZK) techniques through the Schnorr's signature, and requires many computations and random number generations. J-PAKE has been submitted as a candidate for the IEEE P1363.2 standard for password-based public key cryptography, included in OpenSSL and OpenSSH, and used in the Mozilla Firefox's Sync mechanism. In this paper, we show that the J-PAKE protocol is vulnerable to a password compromise impersonation attack, and has other shortcomings with respect to replay and Unknown Key-Share (UKS) attacks.

Category / Keywords: Cryptographic Protocols / Password-Authenticated Key Exchange, Cryptanalysis, Security Problems, attacks

Date: received 14 Jan 2012, last revised 19 Jan 2012, withdrawn 19 Jan 2012

Contact author: mohsen toorani at ii uib no

Available format(s): (-- withdrawn --)

Note: J-PAKE: eprint Report 2010/190

Version: 20120119:225007 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]