Paper 2004/348

A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords

Junghyun Nam, Seungjoo Kim, and Dongho Won

Abstract

Recently, Sun, Chen and Hwang [J. Syst. Software, 75 (2005), 63-68] have proposed two new three-party protocols, one for password-based authenticated key agreement and one for verifier-based authenticated key agreement. In this paper, we show that both of Sun-Chen-Hwang's protocols are insecure against an active adversary who can intercept messages, start multiple sessions of a protocol, or otherwise control the communication in the network. Also, we present a simple solution to the security problem with the protocols.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Three-party key agreementPasswordVerifierActive adversary
Contact author(s)
jhnam @ dosan skku ac kr
History
2004-12-14: revised
2004-12-13: received
See all versions
Short URL
https://ia.cr/2004/348
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/348,
      author = {Junghyun Nam and Seungjoo Kim and Dongho Won},
      title = {A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords},
      howpublished = {Cryptology ePrint Archive, Paper 2004/348},
      year = {2004},
      note = {\url{https://eprint.iacr.org/2004/348}},
      url = {https://eprint.iacr.org/2004/348}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.