Nonlinear Dynamics, Volume 78, Issue 2, pp 1293–1300

Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol

  • Xuexian Hu
  • Zhenfeng Zhang
Original Paper


Recently, Lee et al. (Nonlinear Dyn, 73(1–2):125–132, 2013) proposed a three-party password authenticated key exchange with user anonymity by utilizing extended chaotic maps. They claimed that their protocol is more secure than previously proposed schemes. In this paper, our analysis shows that Lee et al.’s protocol suffers from two kinds of attacks: (1) a man-in-the-middle attack, and (2) a user anonymity attack. To overcome these weaknesses, we propose an enhanced protocol that resists the attacks described while keeping comparable efficiency.


Chaotic maps; Key exchange protocol; Anonymity; Man-in-the-middle attack



The work is supported by the National Basic Research Program of China (Grant No. 2013CB338003 and 2012CB315905), the National High Technology Research and Development Program of China (Grant No. 2012AA01A403), the National Natural Science Foundation of China (Grant No. 61170278, 91118006, and 61379150), and China Postdoctoral Science Foundation (Grant No. 2014M552524).


  1. Lu, R., Cao, Z.: Simple three-party key exchange protocol. Comput. Secur. 26(1), 94–97 (2007)
  2. Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. Lect. Notes Comput. Sci. 3376, 191–208 (2005)
  3. Chung, H.R., Ku, W.C.: Three weaknesses in a simple three-party key exchange protocol. Inf. Sci. 178(1), 220–229 (2008)
  4. Guo, H., Li, Z., Mu, Y., Zhang, X.: Cryptanalysis of simple three party key exchange protocol. Comput. Secur. 27(1), 16–21 (2008)
  5. Phan, R.C.W., Yau, W.C., Goi, B.M.: Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Inf. Sci. 178(13), 2849–2856 (2008)
  6. Nam, J., Paik, J., Kang, H.: An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Commun. Lett. 13(3), 205–207 (2009)
  7. Chang, Y.F.: A practical three-party key exchange protocol with round efficiency. Int. J. Innov. Comput. Inf. Control 4(4), 953–960 (2008)
  8. He, D., Chen, J., Hu, J.: Cryptanalysis of a simple three party key exchange protocol. Informatica 34(1), 337–339 (2010)
  9. Huang, H.: A simple three-party password-based key exchange protocol. Int. J. Commun. Syst. 22(7), 857–862 (2009)
  10. Yoon, E., Yoo, K.: Cryptanalysis of a simple three-party password-based key exchange protocol. Int. J. Commun. Syst. 24(4), 532–542 (2011)
  11. Wu, S.H., Chen, K.F., Zhu, Y.F.: Enhancements of a three-party password-based authenticated key exchange protocol. Int. Arab J. Inf. Technol. 10(3), 215–221 (2013)
  12. Lee, C.C., Li, C.T., Hsu, C.W.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn. 73(1–2), 125–132 (2013)
  13. Zhang, L.: Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 37(3), 669–674 (2008)

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, People’s Republic of China
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, People’s Republic of China
