Cryptology ePrint Archive: Report 2013/666
An Offline Dictionary Attack against a Three-Party Key Exchange Protocol
Junghyun Nam and Kim-Kwang Raymond Choo and Juryon Paik and Dongho Won
Abstract: Despite all the research efforts made so far, the design of protocols for password-authenticated key exchange (PAKE) still remains a non-trivial task. One of the major challenges in designing such protocols is to protect low-entropy passwords from the notorious dictionary attacks. In this work, we revisit Abdalla and Pointcheval's three-party PAKE protocol presented in Financial Cryptography 2005, and demonstrate that the protocol is vulnerable to an off-line dictionary attack whereby a malicious client can find out the passwords of other clients.
Category / Keywords: Password-authenticated key exchange (PAKE), three-party key exchange, password, dictionary attack.
Date: received 17 Oct 2013, last revised 17 Oct 2013
Contact author: jhnam at kku ac kr
Available format(s): PDF | BibTeX Citation
Version: 20131024:081130 (All versions of this report)
Short URL: ia.cr/2013/666
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]