An Efficient Client-to-Client Password-Authenticated Key Exchange Resilient to Server Compromise

Abstract

With rapid changes in the modern communication environment such as ad hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. This paper presents a new password authentication and key-exchange protocol suitable for client-to-client without a server public key in different realms to agree on a common session key using different passwords over an untrusted network. The proposed protocol's security, simplicity, and speed make it ideal for a wide range of real-world applications in which secure password authentication is required.