It is a crucial that password security be effective and constantly improved. The three-party encrypted key exchange (3PEKE) protocol has been used to protect passwords transmitted between users. Recently, Chang and Chang proposed a novel 3PEKE (ECC-3PEKE) protocol using a super-poly-to-one trapdoor function which demonstrates high efficiency. However, Chen et al. and Yoon et al., respectively, showed that the ECC-3PEKE protocol can not prevent undetectable on-line password guessing attacks and proposed improved protocols. Unfortunately, their improved protocols suffer from off-line password guessing attacks without perfect forward secrecy. Hence, the authors propose an improved protocol to strengthen their security.
INTERNATIONAL JOURNAL OF FOUNDATIONS OF COMPUTER SCIENCE