Journal of the Graduate School of the Chinese Academy of Sciences (中国科学院研究生院学报), 2006
Cryptanalysis and Improvement of Client-to-Client Password Authenticated Key Exchange Protocol
Abstract:
Most password-based key exchange protocols consider how to exchange a session key between a client and a server. Client-to-client password-authenticated key exchange (C2C-PAKE) protocols consider the scenario where two clients want to establish a session key, but they only share their passwords with their own servers. In Ref. [1], Jin Wook Byun et al. proposed two such protocols, called cross-realm C2C-PAKE and single-server C2C-PAKE. Recently, some flaws in these two protocols have been found and some improvements have been suggested. In this paper, we show that the cross-realm C2C-PAKE protocol and all of its improved forms are still insecure. We also present a new cross-realm C2C-PAKE protocol which is resistant to all known attacks.