Cryptanalysis of an improved client-to-client Password-Authenticated Key Exchange (C2C-PAKE) scheme

Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

36 Citations (Scopus)

Abstract

Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client.

Original languageEnglish
Title of host publicationThird International Conference on Applied Cryptography and Network Security, ACNS 2005
Pages33-39
Number of pages7
Volume3531
DOIs
Publication statusPublished - 2005
Externally publishedYes
EventInternational Conference on Applied Cryptography and Network Security 2005 - New York, United States of America
Duration: 7 Jun 200510 Jun 2005
Conference number: 3rd
https://link.springer.com/book/10.1007/b137093 (Proceedings)

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743

Conference

ConferenceInternational Conference on Applied Cryptography and Network Security 2005
Abbreviated titleACNS 2005
Country/TerritoryUnited States of America
CityNew York
Period7/06/0510/06/05
Internet address

Keywords

  • Client-to-client
  • Cryptanalysis
  • Password-authenticated key exchange
  • Replay attack
  • Unknown key-share

Cite this