Binary Information Press
With advances in elliptic curve cryptography, Li et al. and Yoon et al. proposed two password-authenticated key exchange protocols without server's public key. They claimed to be secure against several possible attacks, securely update user passwords without a complicated process, and also provide explicit key authentication in the case of a session key agreement. Unfortunately, Li et al.'s protocol is vulnerable to off-line dictionary attack and man-in-the-middle attack. Meanwhile Yoon et al.'s protocol is subject to off-line dictionary attack and fails to provide backward secrecy.