Three-Party Password Authenticated Key Agreement Resistant to Server Compromise

  • Taekyoung Kwon
  • Dong Hoon Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


Most of password authenticated key agreement protocols have focused on the two-party setting where two communicating parties share a human-memorable password. In this paper, we study password authenticated key agreement in the three-party setting where both communicating parties share respective passwords with a trusted third party rather than themselves. Previous results in this area have lack of security concerns and are never considered in the augmented model which was contrived to resist server compromise. Our contribution is, from the practical perspective, a new three-party password authenticated key agreement protocol that is first designed in the augmented model and very flexible in its message flows.


Modular Exponentiation Mode Protocol Message Block Dictionary Attack Augmented Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  3. 3.
    Bellovin, S., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password-file compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250. ACM Press, New York (1993)CrossRefGoogle Scholar
  4. 4.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer Communications Security, ACM Press, New York (2003)Google Scholar
  5. 5.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    IEEE P1363.2, Standard specifications for password-based PKC techniques,
  7. 7.
    Jablon, D.: Research Papers on Strong Password Authentication,
  8. 8.
    Kwon, T.: Practical authenticated key agreement using passwords. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 1–12. Springer, Heidelberg (2004), Google Scholar
  9. 9.
    Lin, C., Sun, H., Hwang, T.: Three-party encrypted key exchange: Attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)CrossRefGoogle Scholar
  10. 10.
    Lin, C., Sun, H., Steiner, M., Hwang, T.: Three-party encrypted key exchange without srever public-keys. IEEE Communications Letters 5(12), 497–499 (2001)CrossRefGoogle Scholar
  11. 11.
    Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing risks from poorly chosen keys. In: ACM Symposium on Operating System Principles, pp. 14–18. ACM Press, New York (1989)Google Scholar
  12. 12.
    Neuman, B.C., Tso, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications 32(9), 33–38 (1994)CrossRefGoogle Scholar
  13. 13.
    Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)CrossRefGoogle Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Taekyoung Kwon
    • 1
  • Dong Hoon Lee
    • 2
  1. 1.School of Computer Engineering, Sejong University, Seoul 143-747Korea
  2. 2.National Security Research Institute, TaejeonKorea

Personalised recommendations