Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using server’s public key and smart card

Abstract

Three-party password-authenticated key exchange (3PAKE) protocol allows two users to establish a secure session key over an insecure communication channel with the help of a trusted server. Recently, Farash and Attari proposed a chaotic maps-based 3PAKE protocol without using server’s public key, smart card and symmetric cryptosystems and claimed its security by providing well-organized security proof. Unfortunately, in this paper, we demonstrate that their protocol cannot resist impersonation attack and off-line password guessing attack. To overcome their security weaknesses, we propose an improved chaotic maps-based 3PAKE protocol with the same advantages. Further, we apply the pi calculus-based formal verification tool ProVerif to show that our 3PAKE protocol achieves authentication and security and show that our protocol is more efficient than Farash and Attari’s protocol in terms of computation and communication costs.