ISSN : 1796-2056
Volume : 4    Issue : 4    Date : June 2009

Cryptanalysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols
Tianjie Cao, Tao Quan, and Bo Zhang
Page(s): 263-270
Full Text:
PDF (514 KB)

Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) protocols allow two clients
establish a common session key based on their passwords. In a secure C2C-PAKE protocol, there
is no computationally bounded adversary learns anything about session keys shared between two
clients. Especially a participating server should not learn anything about session keys. Server-
compromise impersonation resilience is another desirable security property for a C2C-PAKE
protocol. It means that compromising the password verifier of any client A should not enable outside
adversary to share session key with A. Recently, Kwon and Lee proposed four C2C-PAKE protocols
in the three-party setting, and Zhu et al. proposed a C2C-PAKE protocol in the cross-realm setting.
All the proposed protocols are claimed to resist server compromise. However, in this paper, we
show that Kwon and Lee’s protocols and Zhu et al’s protocol exist server compromise attacks, and
a malicious server can mount man-in-themiddle attacks and can eavesdrop the communication
between the two clients.

Index Terms
Information security, authentication, password, cryptanalysis