Fucai Zhou, Jian Xu, Enguang Zhou, and Bin Zhang


Password-based authentication, authenticated key exchange, Weilpairing, dictionary attacks, man-in-the-middle attack


Joux first presented a three-party key exchange protocol using bilinear pairing. Due to lack of authentication, the protocol is susceptible to the man-in-the-middle attacks. Since then, many im- proved protocols have been proposed, which adopt offline certificate mechanism. But the cost of the certificate mechanism is very high. So an efficient and secure four-party password-based authenticated key exchange protocol (4PAKE) using Weil pairing, which supports online mode instead of the offline certificate authentication centre, is proposed in this paper. Therefore, our protocol is quite different from the existing PAKE protocols, because it is securely and effi- ciently extended three-party case to four-party case with a formal proof of security. Through the analysis and comparison, there is not only no high computation and storage cost for authenticating clients’ identities in our protocol, but also no need for computing multiplicative inverse. Finally, we prove that the 4PAKE protocol fulfils the security requirement in random oracle model and ideal cipher model. So it can provide sufficient security against dictionary attacks, man-in-the-middle attacks and other known attacks.

Important Links:

Go Back