Paper 2010/190

J-PAKE: Authenticated Key Exchange Without PKI

Feng Hao and Peter Ryan


Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.

Note: The earlier version of the paper can be found at: 2010-10-25: paper accepted by the TCS Journal - Springer Transactions on Computational Science after minor revision.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. A preliminary workshop version of the paper was presented at the 16th Workshop on Security Protocols, Cambridge, April 2008. This is a journal version of the paper. There is no technical change to the J-PAKE protocol.
Password-Authenticated Key ExchangeEKESPEKEkey agreement
Contact author(s)
haofeng66 @ gmail com
2010-10-25: last of 2 revisions
2010-04-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Feng Hao and Peter Ryan},
      title = {J-PAKE: Authenticated Key Exchange Without PKI},
      howpublished = {Cryptology ePrint Archive, Paper 2010/190},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.