Paper 2004/233

Password-Based Authenticated Key Exchange in the Three-Party Setting

Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval


Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to on-line guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared between two users during its on-line attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only. In this paper, we consider password-based authenticated key exchange in the three-party scenario, in which the users trying to establish a secret do not share a password between themselves but only with a trusted server. Towards our goal, we recall some of the existing security notions for password-based authenticated key exchange protocols and introduce new ones that are more suitable to the case of generic constructions. We then present a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and prove its security without making use of the Random Oracle model. To the best of our knowledge, the new protocol is the first provably-secure password-based protocol in the three-party setting.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Passwordauthenticated key exchangekey distributionmulti-party protocols.
Contact author(s)
Michel Abdalla @ ens fr
2004-09-13: received
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Pierre-Alain Fouque and David Pointcheval},
      title = {Password-Based Authenticated Key Exchange in the Three-Party Setting},
      howpublished = {Cryptology ePrint Archive, Paper 2004/233},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.