Paper 2021/824

Security Characterization of J-PAKE and its Variants

Michel Abdalla, Manuel Barbosa, Peter B. Rønne, Peter Y. A. Ryan, and Petra Šala


The J-PAKE protocol is a Password Authenticated Key Establishment protocol whose security rests on Diffie-Hellman key establishment and Non-Interactive Zero Knowledge proofs. It has seen widespread deployment and has previously been proven secure, including forward secrecy, in a game-based model. In this paper we show that this earlier proof can be re-cast in the Universal Composability framework, thus yielding a stronger result. We also investigate the extension of such proofs to a significantly more efficient variant of the original J-PAKE, that drops the second round Non-Interactive Zero-Knowledge proofs, that we call sJ-PAKE. Adapting the proofs to this light-weight variant proves highly-non trivial, and requires novel proof strategies and the introduction of the algebraic group model. This means that J-PAKE implementations can be made more efficient by simply deleting parts of the code while retaining security under stronger assumptions. We also investigate the security of two further new variants that combine the efficiency gains of dropping the second round NIZK proofs with the gains achieved by two earlier, lightweight variants: RO-J-PAKE and CRS-J-PAKE. The earlier variants replaced the second Diffie-Hellman terms from each party by either a hash term or a CRS term, thus removing the need for half of the NIZK proofs in the first round. The efficiency and security assumptions of these variants are compared.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Password authenticated key-exchangeUniversal ComposabilityNon-interactive Zero Knowledge ProofSecurity
Contact author(s)
petra sala @ uni lu
peter ryan @ uni lu
peter roenne @ gmail com
michel abdalla @ ens fr
mbb @ fc up pt
2021-06-16: received
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Manuel Barbosa and Peter B.  Rønne and Peter Y. A.  Ryan and Petra Šala},
      title = {Security Characterization of J-PAKE and its Variants},
      howpublished = {Cryptology ePrint Archive, Paper 2021/824},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.