对两个口令认证密钥交换协议的安全性分析

口令认证密钥交换协议使得仅共享低熵口令的用户可以通过不安全的信道安全地协商出高熵的会话密钥，由于实用性较强受到了密码学研究者的广泛关注。对最近在“标准模型下高效的基于口令认证密钥协商协议”一文中提出的协议以及在“基于验证元的三方口令认证密钥交换协议”一文中提出的协议进行了分析，指出这两个口令认证密钥交换协议都是不安全的，难于抵抗离线字典攻击，进一步分析了原协议设计或安全性证明中被疏忽之处。

Cryptanalysis of two password authenticated key exchange protocols

Password authenticated key exchange protocol can be used for two parties sharing only a low-entropy password to establish high entropy shared keys.It has been extensively studied for its great application prosperity.In this paper,cryptanalysis of a protocol proposed by Shu et al. in the paper of ＂Provable Secure Encrypted Key Exchange Protocol under Standard Model＂ ,and a protocol proposed by Li et al. in the paper of ＂Verifier-Based Password Authenticated Key Exchange for Three Party＂ has been presented.Concrete off-line dictionary attacks in which an outside adversary traverses the password dictionary and verifies its guess in off-line manner are also presented.Further,the errors in the original security proof are also analyzed.