Password-authenticated key exchange between clients with different passwords

Jin Wook Byun, Ik Rae Jeong, Dong Hoon Lee, Chang Seop Park

Research output: Chapter in Book/Report/Conference proceedingConference contribution

93 Citations (Scopus)


Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

Original languageEnglish
Title of host publicationInformation and Communications Security - 4th International Conference, ICICS 2002, Proceedings
EditorsRobert Deng, Feng Bao, Jianying Zhou, Sihan Qing
PublisherSpringer Verlag
Number of pages13
ISBN (Print)3540001646
Publication statusPublished - 2002
Event4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore
Duration: 2002 Dec 92002 Dec 12

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other4th International Conference on Information and Communications Security, ICICS 2002

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2002.


  • Cross-realm
  • Dictionary attack
  • Kerberos
  • Key exchange
  • Password authentication

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Password-authenticated key exchange between clients with different passwords'. Together they form a unique fingerprint.

Cite this