Cryptology ePrint Archive: Report 2013/666

An Offline Dictionary Attack against a Three-Party Key Exchange Protocol

Junghyun Nam and Kim-Kwang Raymond Choo and Juryon Paik and Dongho Won

Abstract: Despite all the research efforts made so far, the design of protocols for password-authenticated key exchange (PAKE) still remains a non-trivial task. One of the major challenges in designing such protocols is to protect low-entropy passwords from the notorious dictionary attacks. In this work, we revisit Abdalla and Pointcheval's three-party PAKE protocol presented in Financial Cryptography 2005, and demonstrate that the protocol is vulnerable to an off-line dictionary attack whereby a malicious client can find out the passwords of other clients.

Category / Keywords: Password-authenticated key exchange (PAKE), three-party key exchange, password, dictionary attack.

Date: received 17 Oct 2013, last revised 17 Oct 2013

Contact author: jhnam at kku ac kr

Available format(s): PDF | BibTeX Citation

Version: 20131024:081130 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]