IACR News item: 25 October 2012
Nishant Doshi
ePrint Report(3PAKE) protocol, more than two parties can communicate and
set up common shared secret key using the server. Recently,
Tan et al. proposed an enhanced 3PAKE scheme based on
elliptic curve cryptography (ECC) to minimize the operations and
make compatible for mobile commerce environments. However,
Nose showed the scheme of Tan et al. is susceptible to the
impersonation attack and the man-in-middle attack. However, in
this paper we have shown that Tan et al. protocol is susceptible to
the known session-specific temporary information attack and the
clock synchronization attack too. Afterwards, we have proposed
the protocol that withstands against the above mentioned attacks.
In addition, our proposed approach is based on the hash function
in place of the encryption/decryption function that was used in
Tan et al. scheme.
Additional news items may be found on the IACR news page.