Paper 2021/1492

SoK: Password-Authenticated Key Exchange -- Theory, Practice, Standardization and Real-World Lessons

Feng Hao and Paul C. van Oorschot


Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and practice. Many PAKE proposals have emerged in the 30 years following the original 1992 Encrypted Key Exchange (EKE), some accompanied by new theoretical models to support rigorous analysis. To reduce confusion and encourage practical development, major standards bodies including IEEE, ISO/IEC and the IETF have worked towards standardizing PAKE schemes, with mixed results. Challenges have included contrasts between heuristic protocols and schemes with security proofs, and subtleties in the assumptions of such proofs rendering some schemes unsuitable for practice. Despite initial difficulty identifying suitable use cases, the past decade has seen PAKE adoption in numerous large-scale applications such as Wi-Fi, Apple's iCloud, browser synchronization, e-passports, and the Thread network protocol for Internet of Things devices. Given this backdrop, we consolidate three decades of knowledge on PAKE protocols, integrating theory, practice, standardization and real-world experience. We provide a thorough and systematic review of the field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols, and a comparative analysis of protocol performance using representative schemes from each taxonomy category. We also review real-world applications, summarize lessons learned, and highlight open research problems related to PAKE protocols.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. AsiaCCS 2022
PAKEpassword authenticated key exchangeauthenticated key exchange
Contact author(s)
haofeng66 @ gmail com
paulv @ scs carleton ca
2022-03-12: revised
2021-11-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Feng Hao and Paul C.  van Oorschot},
      title = {SoK: Password-Authenticated Key Exchange -- Theory, Practice, Standardization and Real-World Lessons},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1492},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.