Cryptology ePrint Archive: Report 2013/540

On the security of a password-only authenticated three-party key exchange protocol

Junghyun Nam and Kim-Kwang Raymond Choo and Juryon Paik and Dongho Won

Abstract: This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.

Category / Keywords: cryptographic protocols / Password-only authenticated key exchange (PAKE), Three-party key exchange, Man-in-the-middle (MITM) attack, Offline dictionary attack, Semantic security

Date: received 27 Aug 2013

Contact author: jhnam at kku ac kr

Available format(s): PDF | BibTeX Citation

Version: 20130830:130025 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]