Abstract: In order to against dictionary attack and server compromise attack, this paper proposes a Elliptic Curve Digital Signature Algorithm(ECDSA)-based password authenticated key exchange protocol for three-party. ECDSA is divided into public key generation, signature verification process and verification process. On the bases of it, this protocol is divided into six steps, and designs mutual authentication mechanism. And any two clients can accomplish key exchange relying on the server. Analysis results show that this protocol can reduce the calculation difficulty and storage cost, and can resist dictionary attacks and server compromise attack.

Key words: Password Authenticated Key Exchange(PAKE), dictionary attack, Elliptic Curve Digital Signature Algorithm(ECDSA), replay attack

摘要： 提出一种基于椭圆曲线数字签名算法(ECDSA)的三方口令认证密钥交换协议。将ECDSA分为公钥生成、签名过程和验证过程 3个阶段，在此基础上，设计协议过程、双向认证机制，使任意2个用户通过服务器能进行身份认证和密钥交换。分析结果表明，该协议能降低计算难度和存储开销，抵抗字典攻击和服务器泄露攻击。

关键词: 口令认证密钥交换, 字典攻击, 椭圆曲线数字签名算法, 重放攻击

CLC Number: 

• TN918