Paper 2015/080

The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group

Feng Hao, Xun Yi, Liqun Chen, and Siamak F. Shahandashti


In this paper, we study Password Authenticated Key Exchange (PAKE) in a group. First, we present a generic ``fairy-ring dance'' construction that transforms any secure two-party PAKE scheme to a group PAKE protocol while preserving the round efficiency in the optimal way. Based on this generic construction, we present two concrete instantiations based on using SPEKE and J-PAKE as the underlying PAKE primitives respectively. The first protocol, called SPEKE+, accomplishes authenticated key exchange in a group with explicit key confirmation in just two rounds. This is more round-efficient than any existing group PAKE protocols in the literature. The second protocol, called J-PAKE+, requires one more round than SPEKE+, but is computationally faster. Finally, we present full implementations of SPEKE+ and J-PAKE+ with detailed performance measurements. Our experiments suggest that both protocols are feasible for practical applications in which the group size may vary from three to several dozen. This makes them useful, as we believe, for a wide range of applications -- e.g., to bootstrap secure communication among a group of smart devices in the Internet of Things (IoT).

Note: Updated to be consistent with the camera ready version for IoTPTS'15

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
haofeng66 @ gmail com
2015-02-11: last of 3 revisions
2015-02-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Feng Hao and Xun Yi and Liqun Chen and Siamak F.  Shahandashti},
      title = {The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group},
      howpublished = {Cryptology ePrint Archive, Paper 2015/080},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.