Provable Security

Password-based authenticated key exchange (PAKE) protocols are a particular case of authenticated key exchange protocols in which the secret key or password used for authentication is not uniformly distributed over a large space, but rather chosen from a small set of possible values (a four-digit pin, for example). Since PAKE protocols rely on short and easily memorizable secrets, they also seem more convenient to use as they do not require an additional cryptographic devices capable of storing high-entropy secret keys. In this survey, we consider the problem of designing authenticated key exchange protocols in the password-based setting. In particular, we discuss the different security goals that one can consider as well as different ways of realizing these goals. Finally, we recall some of the most recent results in the area and discuss some of the issues regarding the implementation of these protocols.