Cryptanalysis of an Enhanced Simple Three-Party Key Exchange Protocol

A simple three-party password-based authenticated key exchange (S-3PAKE) protocols are extremely important to secure communications and are now extensively adopted in network communications. In 2009 et al. pointed out that S-3PAKE protocol, by Lu and Cao for password-authenticated key exchange in the three-party setting, is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures how to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks and off-line dictionary attack unlike their claim.