Résumé: Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only- are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. In 1995, Steiner, Tsudik and Waidner proposed a realization of such a three-party protocol based on the Encrypted Key Exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. In 2000, Lin, Sun, and Hwang proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. In this letter, we propose a secure three-party EKE protocol without server public-keys.

Langue: Anglais