Cryptanalysis of the N-party encrypted diffie-hellman key exchange using different passwords

Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

17 Citations (Scopus)


We consider the security of the n-party EKE-U and EKE-M protocols proposed by Byun and Lee at ACNS '05. We show that EKE-U is vulnerable to an impersonation attack, offline dictionary attack and undetectable online dictionary attack. Surprisingly, even the strengthened variant recently proposed by the same designers to counter an insider offline dictionary attack by Tang and Chen, is equally vulnerable. We also show that both the original and strengthened EKE-M variants do not provide key privacy, a criterion desired by truly contributory key exchange schemes and recently formalized by Abdalla et al. We discuss ways to protect EKE-U against our attacks and argue that the strengthened EKE-U scheme shows the most potential as a provably secure n-party PAKE.

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security - 4th International Conference, ACNS 2006, Proceedings
Number of pages13
ISBN (Print)3540347038, 9783540347033
Publication statusPublished - 2006
Externally publishedYes
EventInternational Conference on Applied Cryptography and Network Security 2006 - Singapore, Singapore
Duration: 6 Jun 20069 Jun 2006
Conference number: 4th (Proceedings)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3989 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on Applied Cryptography and Network Security 2006
Abbreviated titleACNS 2006
Internet address


  • Collusion
  • Cryptanalysis
  • Dictionary attack
  • Key privacy
  • N-party
  • Password-authenticated key exchange

Cite this