Cryptanalysis of an improved client-to-client Password-Authenticated Key Exchange (C2C-PAKE) scheme

Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

36 Citations (Scopus)


Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client.

Original languageEnglish
Title of host publicationThird International Conference on Applied Cryptography and Network Security, ACNS 2005
Number of pages7
Publication statusPublished - 2005
Externally publishedYes
EventInternational Conference on Applied Cryptography and Network Security 2005 - New York, United States of America
Duration: 7 Jun 200510 Jun 2005
Conference number: 3rd (Proceedings)

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


ConferenceInternational Conference on Applied Cryptography and Network Security 2005
Abbreviated titleACNS 2005
Country/TerritoryUnited States of America
CityNew York
Internet address


  • Client-to-client
  • Cryptanalysis
  • Password-authenticated key exchange
  • Replay attack
  • Unknown key-share

Cite this