Cryptanalysis of a simple three-party password-based key exchange protocol.

In order to secure communications between two clients with a trusted server's help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that the HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and offline password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]