Cryptology ePrint Archive: Report 2021/1492

SoK: Password-Authenticated Key Exchange -- Theory, Practice, Standardization and Real-World Lessons

Feng Hao and Paul C. van Oorschot

Abstract: Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and practice. Many PAKE proposals have emerged in the 30 years following the original 1992 Encrypted Key Exchange (EKE), some accompanied by new theoretical models to support rigorous analysis. To reduce confusion and encourage practical development, major standards bodies including IEEE, ISO/IEC and the IETF have worked towards standardizing PAKE schemes, with mixed results. Challenges have included contrasts between heuristic protocols and schemes with security proofs, and subtleties in the assumptions of such proofs rendering some schemes unsuitable for practice. Despite initial difficulty identifying suitable use cases, the past decade has seen PAKE adoption in numerous large-scale applications such as Wi-Fi, Apple's iCloud, browser synchronization, e-passports, and the Thread network protocol for Internet of Things devices. Given this backdrop, we consolidate three decades of knowledge on PAKE protocols, integrating theory, practice, standardization and real-world experience. We provide a thorough and systematic review of the field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols, and a comparative analysis of protocol performance using representative schemes from each taxonomy category. We also review real-world applications, summarize lessons learned, and highlight open research problems related to PAKE protocols.

Category / Keywords: cryptographic protocols / PAKE, password authenticated key exchange, authenticated key exchange

Date: received 9 Nov 2021, last revised 9 Nov 2021

Contact author: haofeng66 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20211115:124937 (All versions of this report)

Short URL: ia.cr/2021/1492


[ Cryptology ePrint archive ]