University of South Alabama
The authors present the first provably-secure 3-party Password-only Authenticated Key Exchange (PAKE) protocol that can run in only two communication rounds. Their protocol is generic in the sense that it can be constructed from any 2-party PAKE protocol. The protocol is proven secure in a variant of the widely accepted model of Bellare, Pointcheval and Rogaway without any idealized assumptions on the cryptographic primitives used. They also investigate the security of the 2-round 3-party PAKE protocol of Wang, Hu and Li, and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.