Paper 2023/768

Owl: An Augmented Password-Authenticated Key Exchange Scheme

Feng Hao, University of Warwick
Samiran Bag, The Alan Turing Institute
Liqun Chen, University of Surrey
Paul C. van Oorschot, Carleton University

We present Owl, an augmented password-authenticated key exchange (PAKE) protocol that is both efficient and supported by security proofs. Owl is motivated by recognized limitations in SRP-6a and OPAQUE. SRP-6a is the only augmented PAKE that has enjoyed wide use in practice to date, but it lacks the support of formal security proofs, and does not support elliptic curve settings. OPAQUE was proposed in 2018 as a provably secure and efficient alternative to SRP-6a, and was chosen by the IETF in 2020 for standardization, but open issues leave it unclear whether OPAQUE will replace SRP-6a in practice. Owl is obtained by efficiently adapting J-PAKE to an asymmetric setting, providing additional security against server compromise yet with lower computation than J-PAKE. Our scheme is provably secure, efficient and agile in supporting implementations in diverse multiplicative groups and elliptic curve settings. Owl is the first solution that provides systematic advantages over SRP-6a in terms of security, computation, message sizes, and agility. Owl’s agility across settings also contrasts ongoing issues related to how OPAQUE will instantiate a hash-to-curve operation in the elliptic curve setting (and what impact this will have on efficiency, security and forward compatibility with new elliptic curves in the future).

Available format(s)
Cryptographic protocols
Publication info
Key agreementpassword authenticated key exchangePAKEaugmented PAKE
Contact author(s)
feng hao @ warwick ac uk
samiran bag @ gmail com
liqun chen @ surrey ac uk
paulv @ scs carleton ca
2023-05-30: approved
2023-05-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Feng Hao and Samiran Bag and Liqun Chen and Paul C. van Oorschot},
      title = {Owl: An Augmented Password-Authenticated Key Exchange Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2023/768},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.