Offline dictionary attack on a universally composable three-party password-based key exchange protocol

Wei Yuan, Liang Hu, Hongtu Li, Jianfeng Chu
2011 Procedia Engineering  
Key exchange protocols are fundamental for establishing secure communication channels over public networks. Password-based key exchange protocols allow parties to share a secret key in an authentic manner based on an easily memorizable password. Recently, Deng et al. proposed a three-party password-based key exchange protocol in the universal composable framework in China Communications, where two users, each one of whom shares a human-memorable password with a trusted server, can authenticate
more » ... ach other and compute a secure session key. In this letter, we show that Deng et al.'s protocol is insecure against offline dictionary attack by any other client. Hence, the protocol doesn't achieve their aim.
doi:10.1016/j.proeng.2011.08.315 fatcat:a2en5l4lmjavjasdn27wtht2ge