International E-publication: Publish Projects, Dissertation, Theses, Books, Souvenir, Conference Proceeding with ISBN.  International E-Bulletin: Information/News regarding: Academics and Research

Cryptanalysis of Verifier-Based Password Authenticated Key Agreement Protocol for Three Parties

Author Affiliations

  • 1Department of Computer Science and Engineering, Adikavi Nannaya University, Rajahmundry, Andhra Pradesh, INDIA
  • 2Department of Computer Science and Engineering, Osmania University, Hyderabad, Andhra Pradesh, INDIA

Res. J. Recent Sci., Volume 4, Issue (ISC-2014), Pages 5-8, (2015)


In this modern era of communication world even minor task requires to perform through internet which is not trustable. It is required to interchange secret session keys securely through insecure network for establishing communication securely. In two-party network, two communication clients share a low entropy password secretly to communicate in later sessions securely. But this paradigm requires high maintenance of passwords due to each new communicating pair requires separate passwords to establish communication securely. In three-party network, each communicating party shares a password with the third-party (server) to interchange a secret session key securely. The beauty of this setting is even server is not knowing the session key. Many authors have proposed various two-party and three-party protocols which are having their won pros and cons. In this paper we have cryptanalyzed verifier-based password authenticated key agreement protocol for three-party setting proposed by shaban et al.


  1. S. Bellovin and M. Merritt, Augmented encrypted key exchange: a password based protocol secure against dictionary attacks and password-file compromise, ACM Conference on Computer and Communications Security, 244-250, (1993)
  2. Y. Ding and P. Horster, Undetectable on-line password guessing attacks, ACM Operat-ing Systems Review, 29(4), 77-86, (1995)
  3. W. Diffie and M. Hellman, New directions in cryptography, IEEE Trans, On Information Theory, 22(6), 644-654, (1976)
  4. W. Diffie, P.C. Van Oorschot and M.J. Wiener, Authentication and authenticated key exchanges, Design, Codes and Cryptography,2, 107125, (1992)
  5. V. Boyko, P.D. MacKenzie and S. Patel. Provably secure password-authenticated key exchange using Diffe-Hellman// Proceedings of the 2000 Advances in Cryptology (EUROCRYPT'2000),156-171, Springer-Verlag,(2000)
  6. E. Bresson, O. Chevassut and D. Pointcheval, New security results on encrypted key exchange// Proceedings of the 7th International Workshop on Theory and Practice in Public Key Cryptography (PKC'2004), 145158, Springer-Verlag, (2004)
  7. R. Gennaro and Y. Lindell, A framework for password-based authenticated key exchange// Proceedings of the 2003 Advances in Cryptology (EUROCRYPT'2003), 524-543, Springer-Verlag,(2003)
  8. M. Steiner, G. Tsudik and M. Waidner, Refinement and extension of encrypted key exchange, ACM Operating Systems Review, 29(3), 22-30, (1995)
  9. C.L. Lin, M. Steiner and T. Hwang, Three-party Encrypted Key Exchange without Server Public-keys, IEEE Communications Letters, 5(12), 497-499 (2001)
  10. H.M. Sun, B.C. Chen and T. Hwang, Secure key agreement protocols for three-party against guessing attacks, The Journal of Systems and Software, 75, 6368, (2005)
  11. J. Nam, S. Kim, and D. Won, A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords, Cryptology e Print Archive, Report 2004/348, (2004) (2014)
  12. S. Kulkarni, D. Jena and S.K. Jena, A Novel Secure Key Agreement Protocol using Trusted Third Party, Computer Science and Security Journals, IJCSS,1(1), 1118, (2007)