Paper 2010/052

Cryptanalysis and Improvement of a New Gateway-Oriented Password-Based Authenticated Key Exchange Protocol

FuShan Wei, QingFeng Cheng, and ChuanGui Ma


Abdalla et al. proposed the first gateway-oriented password-based authenticated key exchange (GPAKE) protocol. The security goal of GPAKE is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information of the password to the gateway. However, Byun et al. showed that the original GPAKE protocol was suspectable to an undetectable on-line dictionary attack by a malicious gateway. Recently, Abdalla et al. presented a new variant of the original GPAKE protocol to resist Byun et al.'s attack. In this letter, we show that the new GPAKE protocol is still vulnerable to another simple but powerful undetectable on-line dictionary attack. We then make a suggestion for improvement.

Available format(s)
-- withdrawn --
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
authenticated key exchangepasswordundetectable on-line dictionary attack
Contact author(s)
weifs831020 @ 163 com
2010-02-02: withdrawn
2010-02-01: received
See all versions
Short URL
Creative Commons Attribution
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.