Paper 2019/1194

Perfect Forward Security of SPAKE2

Michel Abdalla and Manuel Barbosa


SPAKE2 is a balanced password-authenticated key exchange (PAKE) protocol, proposed by Abdalla and Pointcheval at CTRSA 2005. Due to its simplicity and efficiency, SPAKE2 is one of the balanced PAKE candidates currently under consideration for standardization by the CFRG, together with SPEKE, CPace, and J-PAKE. In this paper, we show that SPAKE2 achieves perfect forward security in the random-oracle model under the Gap Diffie-Hellman assumption. Unlike prior results, which either did not consider forward security or only proved a weak form of it, our results guarantee the security of the derived keys even for sessions that were created with the active involvement of the attacker, as long as the parties involved in the protocol are not corrupted when these sessions take place. Finally, our proofs also demonstrate that SPAKE2 is flexible with respect to the generation of its global parameters M and N. This includes the cases where M is a uniform group element and M=N or the case where M and N are chosen as the output of a random oracle.

Note: The results in this paper have now been merged with those in ePrint 2020/320 (Universally Composable Relaxed Password Authenticated Key Exchange), which analyzes the security of several PAKE protocols (including SPAKE2) in the universal composability framework and their relation to game-based PAKE notions.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Password authenticationkey exchangePAKE
Contact author(s)
michel abdalla @ ens fr
mbb @ fc up pt
2020-04-27: last of 4 revisions
2019-10-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Manuel Barbosa},
      title = {Perfect Forward Security of {SPAKE2}},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1194},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.