An Efficient Password-Only Authenticated Three-Party Key Exchange Protocol

Password-only authenticated key exchange (PAKE) protocols allow to generate cryptographically strong keys from humanmemorable passwords. The design of an efficient PAKE protocol is difficult, especially in the three-party setting where dictionary attacks by malicious insiders are a major concern. The difficulty is well illustrated by the fact that after twenty years of research, only a handful of three-party PAKE protocols are known to be provably secure in a model that captures insider attacks. This paper proposes a new, efficient three-party PAKE protocol which incorporates the design principle of Bresson et al.’s two-party PAKE protocol called OMDHKE. A cost comparison in terms of communication and computation complexities shows that the overall performance of our protocol is superior to those of previously published three-party PAKE protocols. Moreover, our protocol has an advantage over its competitors in that it can be easily transformed into a simpler and more efficient protocol in an environment where undetectable online dictionary attacks do not pose a significant threat. We provide a proof of security for the protocol in the widely accepted model of Bellare et al. which captures insider attack. Keyword: Cryptography, Authenticated key exchange, Dictionary attack, Three-party setting