Keywords: cryptanalysis, three-party, verifier-based, password authenticated key exchange, elliptic curve
Received August 26, 2009; revised October 19, 2009; accepted November 5, 2009.
Communicated by Chin-Laung Lei.
| Previous | [ 1] | [ 2] | [ 3] | [ 4] | [ 5] | [ 6] | [ 7] | [ 8] | [ 9] | [ 10] | [ 11] | [ 12] | [ 13] | [ 14] | [ 15] | [ 16] | [ 17] | [ 18] | [ 19] | [ 20] | [ 21] | [ 22] | [ 23] | [ 24] |
¡@
SHUHUA WU
Department of Networks Engineering
Zhengzhou Information Science Technology Institute
He'nan, 450002 P.R. China
E-mail: wushuhua726@sina.com.cn
This paper investigates verifier-based password authenticated key exchange (PAKE)
protocols in the three party setting. We first show that the protocol recently proposed by
Li et al. is vulnerable to off-line dictionary attack and unknown key-share attack. Moreover,
we also show that the direct elliptic curve (EC) analog of the DL based protocol
proposed by Kwon et al. can¡¦t resist the off-line password guessing attack. Thereafter we
present an enhanced protocol that can be securely implemented over elliptic curves. And
yet, our proposal is simple and efficient. Therefore, the protocol is quite popular in low
resource environments. Finally, as a result of our work, we also hope to have contributed
towards a better understanding that it is important to study the precise adaptation of DLbased
password authenticated protocols since direct EC analogs of DL based protocols
may be susceptible to some new attacks.
Received August 26, 2009; revised October 19, 2009; accepted November 5, 2009.
Communicated by Chin-Laung Lei.