简单的三方口令密钥交换协议

Simple Three-Party Password Key Exchange Protocol

基于口令认证的三方密钥交换协议（3PAKE）是通信双方在认证服务器的帮助下能在公开非安全的信道上协商并建立一个共享会话密钥。虽然目前有不少该方面的研究，但多数后来被证实易受攻击。本文给合以往的研究，提出一个不需服务器公钥体系的简单的基于口令认证的三方密钥交换协议。本文的协议不仅能抵抗各种攻击，而且计算成本和通信成本都比较低。

A three-party password key exchange protocol （3PAKE） is the protocol that the two communications parties can negotiate a shared session key over an insecure network environment under the help of an authentication server.Although lots of works have been focused in this area over pass ten yes,many of them have been found to be vulnerable all kinds of attacks later.In this paper,we proposed an simple three-party password-based key exchange protocol which without using public cryptosystems.Not only the protocol can resist all kinds of attack,but also the computation and communication overhead are both low as well.