Paper 2012/021

Security Analysis of J-PAKE

Mohsen Toorani

Abstract

J-PAKE is a balanced Password-Authenticated Key Exchange (PAKE) protocol, proposed in 2008 and presented again in 2010 and 2011. One of its distinguishing features is that it does not require a Public Key Infrastructure (PKI). Instead, it deploys Zero-Knowledge (ZK) techniques through Schnorr's signature, and requires many computations and random number generations. J-PAKE has been submitted as a candidate for the IEEE P1363.2 standard for password-based public key cryptography, included in OpenSSL and OpenSSH, and used in Mozilla Firefox's Sync mechanism. In this paper, we show that the J-PAKE protocol is vulnerable to a password compromise impersonation attack, and has other shortcomings with respect to replay and Unknown Key-Share (UKS) attacks.

Note: J-PAKE: eprint Report 2010/190

Metadata
Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Password-Authenticated Key Exchange, Cryptanalysis, Security Problems, attacks
Contact author(s)
mohsen toorani @ ii uib no
History
2012-01-19: withdrawn
2012-01-18: received
Short URL
https://ia.cr/2012/021
License
Creative Commons Attribution
CC BY