Four-Party Password-based Authenticated Key Exchange Protocol

F. Zhou, J. Xu, E. Zhou, and B. Zhang (PR China)


Passwordbased authentication; Authenticated key exchange; Weil Pairing; Dictionary attacks.


Joux first presented a three-party key exchange protocol using bilinear pairing. Due to lack of authentication, the protocol is susceptible to the man-in-the-middle attacks. Since then, many improved protocols have been proposed, which adopt off-line certificate mechanism. But the cost of the certificate mechanism is very high. So an efficient and secure four-party password-based authenticated key exchange protocol (4PAKE) using weil-pairing, which supports on-line mode instead of the off-line certificate authentication center, is proposed in this paper. Therefore our protocol is quite different from the existing PAKE protocols, because it is securely and efficiently extended three-party case to four-party case with a formal proof of security. Through the analysis and comparison, there is not only no high computation and storage cost for authenticating clients’ identities in Our protocol, but also no need for computing multiplicative inverse. Finally, we prove that the 4PAKE protocol fulfils the security requirement in random oracle model and ideal cipher model. So it can provide sufficient security against dictionary attacks, man-in-the-middle attacks and other known attacks.

Important Links:

Go Back