Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Junghyun Nam, Youngsook Lee, Seungjoo Kim, Dongho Won

Research output: Contribution to journalArticlepeer-review

33 Citations (Scopus)


Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings-Communications 152 (2) (2005) 138-143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.'s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.

Original languageEnglish
Pages (from-to)1364-1375
Number of pages12
JournalInformation Sciences
Issue number6
Publication statusPublished - 2007 Mar 15
Externally publishedYes


  • Key exchange protocol
  • Man-in-the-middle attack
  • Password-based authentication
  • Provable security
  • Weil pairing

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Control and Systems Engineering
  • Computer Science Applications
  • Information Systems and Management
  • Artificial Intelligence


Dive into the research topics of 'Security weakness in a three-party pairing-based protocol for password authenticated key exchange'. Together they form a unique fingerprint.

Cite this