Paper 2012/021

Security Analysis of J-PAKE

Mohsen Toorani


J-PAKE is a balanced Password-Authenticated Key Exchange (PAKE) protocol, proposed in 2008 and presented again in 2010 and 2011. One of its distinguishing features is that it does not require Public Key Infrastructure (PKI). Instead, it deploys Zero-Knowledge (ZK) techniques through Schnorr's signature, and requires many computations and random number generations. J-PAKE has been submitted as a candidate for the IEEE P1363.2 standard for password-based public key cryptography, included in OpenSSL and OpenSSH, and used in Mozilla Firefox's Sync mechanism. In this paper, we show that the J-PAKE protocol is vulnerable to a password compromise impersonation attack, and has other shortcomings with respect to replay and Unknown Key-Share (UKS) attacks.

Note: J-PAKE: eprint Report 2010/190

Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Password-Authenticated Key Exchange, Cryptanalysis, Security Problems, attacks
Contact author(s)
mohsen toorani @ ii uib no
History
2012-01-19: withdrawn
2012-01-18: received
Creative Commons Attribution