International Association
for Cryptologic Research

In the three party authentication key exchange

(3PAKE) protocol, more than two parties can communicate and

set up common shared secret key using the server. Recently,

Tan et al. proposed an enhanced 3PAKE scheme based on

elliptic curve cryptography (ECC) to minimize the operations and

make compatible for mobile commerce environments. However,

Nose showed the scheme of Tan et al. is susceptible to the

impersonation attack and the man-in-middle attack. However, in

this paper we have shown that Tan et al. protocol is susceptible to

the known session-specific temporary information attack and the

clock synchronization attack too. Afterwards, we have proposed

the protocol that withstands against the above mentioned attacks.

In addition, our proposed approach is based on the hash function

in place of the encryption/decryption function that was used in

Tan et al. scheme.