Paradox Stems from the Security Model or the Security Proof?

Abstract

Recently, Abdalla and Pointcheval proposed an efficient three-party password-authenticated key exchange protocoland provided a proof of security in the Bellare, Pointcheval, and Rogaway (BPR2000) model. Despite the claim of provable security, the protocol was subsequently shown insecure in them presence of an active adversary by Kim-Kwang et al. But they declaimed the flaws stemmed from the weakness of the security model. We defuse it by demonstrating that the attack can be captured in the BPR2000 model. Furthermore, we argue that the paradox is due to the flaws in the proof of security.