Three-party Encrypted Key Exchange without server public-keys

Chun Li Lin, Hung Min Sun, Michael Steiner, Tzonelih Hwang

Research output: Contribution to journalArticlepeer-review

139 Citations (Scopus)


Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. In 1995, Steiner, Tsudik and Waidner proposed a realization of such a three-party protocol based on the Encrypted Key Exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. In 2000, Lin, Sun, and Hwang proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. In this letter, we propose a secure three-party EKE protocol without server public-keys.

Original languageEnglish
Pages (from-to)497-499
Number of pages3
JournalIEEE Communications Letters
Issue number12
Publication statusPublished - 2001 Dec

All Science Journal Classification (ASJC) codes

  • Modelling and Simulation
  • Computer Science Applications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Three-party Encrypted Key Exchange without server public-keys'. Together they form a unique fingerprint.

Cite this