J-PAKE: Password Authenticated Key Exchange by Juggling Without PKI
Password Authenticated Key Exchange by Juggling (J-PAKE) is a password-authenticated key agreement (PAKE) protocol that does not require a Public Key Infrastructure (PKI) for authentication. J-PAKE can establish a private and authenticated channel over an insecure network based solely on a shared password.
Why we need J-PAKE
- EKE may leak partial information about the password to a passive attacker
- SPEKE allows an active attacker to test multiple passwords in one protocol execution
- They are both patented
Applications
- Firefox Sync (removed after 2015)
- OpenSSH and OpenSSL (removed after 2014)
- Thread (IoT wireless network protocol)
- Pale Moon sync (forked from Firefox)
Zero-Knowledge Proof
J-PAKE uses a zero-knowledge proof to prove knowledge of a discrete logarithm without revealing it. One example is the Schnorr digital signature, which is a non-interactive protocol.
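The following is an added example, not code from the original page or from any J-PAKE implementation: a Schnorr non-interactive proof of knowledge of x for X = g^x, with the prover's identity bound into the challenge hash. The group parameters (p = 2039, q = 1019, g = 4), the function names and the hash encoding are assumptions chosen for illustration; the group is a constructed toy and far too small for real use.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (NOT a secure size): p = 2q + 1, g has prime order q.
P, Q, G = 2039, 1019, 4


def challenge(V, X, signer_id):
    """Fiat-Shamir challenge c = H(g, V, X, signer_id) reduced mod q."""
    h = hashlib.sha256()
    for item in (G, V, X):
        b = item.to_bytes(32, "big")
        h.update(len(b).to_bytes(4, "big") + b)   # length-prefix each field
    sid = signer_id.encode()
    h.update(len(sid).to_bytes(4, "big") + sid)
    return int.from_bytes(h.digest(), "big") % Q


def prove(x, signer_id):
    """Return (X, V, r): the public value X = g^x and a proof that x is known."""
    X = pow(G, x, P)
    v = secrets.randbelow(Q - 1) + 1   # fresh one-time nonce; reuse would leak x
    V = pow(G, v, P)
    c = challenge(V, X, signer_id)
    r = (v - x * c) % Q
    return X, V, r


def verify(X, V, r, signer_id):
    """Accept only if X lies in the order-q subgroup and V == g^r * X^c mod p."""
    if not (0 < X < P) or pow(X, Q, P) != 1:
        return False                   # rejects values outside the subgroup
    if not (0 < V < P) or not (0 <= r < Q):
        return False
    c = challenge(V, X, signer_id)
    return V == (pow(G, r, P) * pow(X, c, P)) % P


if __name__ == "__main__":
    secret = secrets.randbelow(Q - 1) + 1
    X, V, r = prove(secret, "alice")
    print("proof accepted:", verify(X, V, r, "alice"))
```

The verifier learns only X, V and r; the identity in the hash keeps a proof produced by one party from being accepted as another party's.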