Efficient password-authenticated key exchange for three-party secure against undetectable on-line dictionary attacks

Abstract

A password-authenticated key exchange (PAKE) protocol in the three-party setting allows two users communicating over a public network to agree on a common session key by the help of a server. In the setting the users do not share a password between themselves, but only with the server. In this paper, we explore the possibility of designing a round-efficient three-party PAKE protocol with a method to protect against undetectable on-line dictionary attacks without using the random oracle. The protocol matches the most efficient three-party PAKE protocol secure against undetectable on-line dictionary attacks among those found in the literature while providing the same level of security. Finally, we indentify the relations between detectable on-line and undetectable on-line dictionary attacks by providing counter-examples to support the observed relations 1. © Springer-Verlag Berlin Heidelberg 2006.