Balanced PAKE

Balanced PAKE protocols satisfy all the security requirements and allow the parties to negotiate the same shared encryption key through some magic mathematical computation based on their common knowledge of the same password. They prevent messages from being eavesdropped on or tampered with, so the secrecy and integrity of the transmitted data are preserved.

Next we introduce two of the best-known balanced PAKE protocols, EKE and SPEKE.

EKE: Encrypted Key Exchange

Encrypted Key Exchange, often abbreviated to EKE, was invented by Steven M. Bellovin and Michael Merritt in 1992, when they worked at AT&T Bell Laboratories.

In the general form of Encrypted Key Exchange, at least one of the engaging parties uses the common password together with a random number to generate an ephemeral (one-time) public key and sends it to another party, who can use the received ephemeral public key to generate another public key, which is either sent on to the next party or sent back to the first one. After one or more rounds of exchanging one-time public keys, the engaging parties can use them with the common password to generate a shared key for encryption.

SPEKE: Simple Password Exponential Key Exchange

Simple Password Exponential Key Exchange, often abbreviated to SPEKE, was proposed by David P. Jablon in 1996. The protocol is almost the same as Diffie-Hellman key exchange, except that the group generator is derived from the password.
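The SPEKE idea described above, as an added example that is not code from the original page or from the protocol's author. Assumptions: the generator is computed as g = H(password)^2 mod p with SHA-512, the group is the 768-bit safe prime from RFC 2409 (chosen for brevity, too small for real use), and the names `password_generator`, `SpekeParty` and `run_exchange` are hypothetical.

```python
import hashlib
import hmac
import secrets

# 768-bit safe prime p = 2q + 1 (RFC 2409, Oakley Group 1). Assumption of this
# example: picked only to keep the listing short; too small for deployment.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2


def password_generator(password: str) -> int:
    """g = H(password)^2 mod p; squaring forces g into the order-q subgroup."""
    h = int.from_bytes(hashlib.sha512(password.encode()).digest(), "big") % P
    g = pow(h, 2, P)
    if g in (0, 1):
        raise ValueError("password hashes to a degenerate generator")
    return g


class SpekeParty:
    def __init__(self, password: str):
        self._g = password_generator(password)
        self._x = secrets.randbelow(Q - 1) + 1   # ephemeral secret in [1, q-1]
        self.public = pow(self._g, self._x, P)   # the only value put on the wire

    def session_key(self, peer_public: int) -> bytes:
        # 0, 1 and p-1 would force a predictable shared secret, so reject them.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, P)
        raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()


def run_exchange(pw_a: str, pw_b: str) -> bool:
    """Run one exchange; True when both sides derive the same session key."""
    a, b = SpekeParty(pw_a), SpekeParty(pw_b)
    return hmac.compare_digest(a.session_key(b.public), b.session_key(a.public))


if __name__ == "__main__":
    print("same password:     ", run_exchange("correct horse", "correct horse"))
    print("different password:", run_exchange("correct horse", "wrong horse"))
```

The sketch omits key confirmation and binding of the parties' identities into the key derivation, both of which a deployed protocol needs.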
