Cryptanalysis of Guo et al.'s three-party password-based authenticated key exchange (G-3PAKE) protocol

In 2008, Guo et al. have shown that Lu and Cao's simple three-party protocol for password-authenticated key exchanges (S-3PAKE) is indeed completely insecure against a kind of man-in-the-middle attack and the undetectable on-line password guessing attack. In addition, they have provided an improved protocol (G-3PAKE) that addresses the identified security problems. However, this paper demonstrates G-3PAKE protocol still falls to undetectable on-line password guessing attack by any other client. (C) 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of ICAE2011.