On the Security of One Password Authenticated Key Exchange Protocol

In this paper the Security Evaluated Standardized Password Authenticated Key Exchange ( SESPAKE ) protocol is proposed (this protocol is approved in the standardization system of the Russian Federation) and its cryptographic properties are analyzed. The SESPAKE protocol includes a key agreement step and a key authentication step. We define new indistinguishability-based adversary model with a threat of false authentication that is an extension of the original indistinguishability-based model up to the case of protocols with authentication step without key diversification. We prove the protocol security under two types of threats: a classic threat of distinguishing a generated session key from a random string and a threat of false authentication. This protocol is the first password authenticated key exchange protocol (PAKE ) protocol without key diversification for a full version of which a security proof has been obtained. The paper also contains a brief review of the known results dedicated to analysis of cryptographic properties of PAKE protocols. ∗Ph.D., Head of Information Security Department, CryptoPro LLC, Russia; [email protected] †Ph.D., Deputy Head of Information Security Dept., CryptoPro LLC, Russia; [email protected] ‡Ph.D., Lead Engineer-Analyst, CryptoPro LLC, Russia; [email protected] §Engineer-Analyst, CryptoPro LLC, Russia; [email protected]