EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Jin Wook Byun, Dong Hoon Lee, Jong In Lim

Research output: Contribution to journalArticlepeer-review

66 Citations (Scopus)


Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different paradigm from the existing ones. In this paper, we study client-to-client password-authenticated key agreement (C2C-PAKA) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented a C2C-PAKA protocol under the cross-realm setting. However, the scheme was not formally treated, and subsequently found to be flawed. In addition, in this scheme, there is still opportunity for improvements both in the computation and communication aspects. We provide formal treatments for the C2C-PAKA protocol by using Bellare et al.'s security model. We also suggest an efficient C2C-PAKA protocol and prove that the protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.

Original languageEnglish
Pages (from-to)3995-4013
Number of pages19
JournalInformation Sciences
Issue number19
Publication statusPublished - 2007 Oct 1

Bibliographical note

Funding Information:
This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement) (IITA-2006-(C1090-0603-0025)).


  • Authenticated key agreement
  • Cross-realm setting
  • Cryptography
  • Different password authentication

ASJC Scopus subject areas

  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management
  • Artificial Intelligence


Dive into the research topics of 'EC2C-PAKA: An efficient client-to-client password-authenticated key agreement'. Together they form a unique fingerprint.

Cite this