Universally Composable Three-Party Password Authenticated Key Exchange

Three-party password authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in large communication network. However, most current 3PAKE protocols are analyzed in security models that don’t adequately address protocol composition problem. In this paper, a direct definition of security for 3PAKE within the universal composability framework is proposed, which captures the basic security requirements of the problem and is proven to be stronger than the commonly used security notions. To further justify our formulation of 3PAKE, we prove that a slight variant of a generic 3PAKE protocol by Wang and Hu securely realizes the new security definition.