DIMACS TR: 2002-46

The PAK Suite: Protocols for Password-Authenticated Key Exchange

Authors: Philip MacKenzie


In this paper we give a detailed formal description of the PAK password-authenticated key exchange protocol and some variants, and provide provide complete proofs of security which we believe are more straightforward than the original proofs. We also show a new general method (called the Z-method) for making these protocols resilient to server-compromise, so as to not allow an attacker that obtains password verification data from a server to then impersonate a user. When this method is applied to PAK, we call the resulting protocol PAK-Z. Finally, we discuss the current state-of-the-art in password-authenticated key exchange, with respect to both theory and practice.

Paper Available at: ftp://dimacs.rutgers.edu/pub/dimacs/TechnicalReports/TechReports/2002/2002-46.ps.gz
DIMACS Home Page