The efficient 3-pass password-based key exchange protocol with low computational cost for client

Abstract

We propose the efficient password-based key exchange protocol, which resists against dictionary attack mounted by a passive or active adversary and is a 3-pass key exchange protocol, whereas existing protocols are 4-pass or more. Thus, considering network traffic, it will be able to reduce the total execution time in comparison with other several schemes. Especially, from the view point of the client’s computational cost, our protocol is suitable for mobile communications. It is because we can reduce the modular exponentiation of client (or mobile) in comparison with other several password-based protocols. Besides, the proposed scheme has the characteristics of perfect forward secrecy, and resists against a known key attack. It also offers resistance against a stolen verifier attack as A-EKE, B-SPEKE, and SRP. Finally, two parties involved in protocol are able to agree on Diffie-Hellman exponential gxy in the proposed scheme.