Password-Authenticated Multi-Party Key Exchange with Different Passwords

Password-authenticated key exchange (PAKE) allows two or multiple parties to share a session key using a human-memorable password only. PAKE has been applied in various environments, especially in the “clientserver” model of remotely accessed systems. Designing a secure PAKE scheme has been a challenging task because of the low entropy of password space and newly recognized attacks in the emerging environments. In this paper, we study PAKE for multi-party with different passwords which allows group users with different passwords to agree on a common session key by the help of a trusted server using their passwords only. In this setting, the users do not share a password between themselves but only with the server. The fundamental security goal of PAKE is security against dictionary attacks. We present the first two provably secure protocols for this problem in the standard model under the DDH assumption; our first protocol is designed to provide forward secrecy and to be secure against known-key attacks. The second protocol is designed to additionally provide key secrecy against curious servers. The protocols require a constant number of rounds.