DIMACS TR: 2002-46
The PAK Suite: Protocols for Password-Authenticated Key Exchange
Authors: Philip MacKenzie
ABSTRACT
In this paper we give a detailed formal description of the PAK
password-authenticated key exchange protocol and some variants, and
provide provide complete proofs of security which we believe are more
straightforward than the original proofs. We also show a new general
method (called the Z-method) for making these protocols resilient to
server-compromise, so as to not allow an attacker that obtains
password verification data from a server to then impersonate a user.
When this method is applied to PAK, we call the resulting protocol
PAK-Z. Finally, we discuss the current state-of-the-art in
password-authenticated key exchange, with respect to both theory and
practice.
Paper Available at:
ftp://dimacs.rutgers.edu/pub/dimacs/TechnicalReports/TechReports/2002/2002-46.ps.gz
DIMACS Home Page