1 Introduction

With the development of Intelligent Information Systems, people gradually move into intelligent life. Mobile Internet, Wireless Networks and Sensor Networks are the important infrastructures of Intelligent Information Systems. In these environments, there are many intelligent terminals such as smart phones. For example, in China, there were more than 656 million Mobile Internet users from the 38th Internet Statistics Report of China Internet Network Information Center. There are many kinds of applications for Intelligent Information Systems, including Wechat, Intelligent Transportation, Mobile payment and so on. The 2016 Internet Trends Report of KPCB showed that the number of Wechat monthly active users was more than 700 million. Lots of sensitive and private data are handled and transferred in these applications. When Wechating you hope that others besides your friends cannot learn your chatting messages, and you wish your bank accounts and passwords could be kept in secret when paying by mobile phones. Therefore, these applications must take measures to ensure communication security and data privacy. For example, Chen et al. (2016a) designed a secure Mobile Chat APP. In general, each user of these applications has a secret private password that is shared with a trusted server. When user A wants to communicate with user B securely, they first must generate a common cryptographically strong key for the session with the server’s help. This model is called three-party password-based authenticated key exchange (3PAKE) protocol. There are lots of works for modelling and designing 3PAKE protocols. For a brief reviews, please refer to related works of traditional 3PAKE.

In Mobile Internet, Wireless Networks and Sensor Networks environments, because almost all the intelligent terminals are running in the public environment, there have many side-channel attacks (Hu et al. 2016; Chasaki and Mansour 2015) such as measuring electromagnetic emissions, calculating power consumption, observing keystroke gesture and so on. Thus, in order to ensure communication security and data privacy of the intelligent terminals, applications of these terminals not only should employ the secure protocols such as 3PAKE, but also must take measures to resist side-channel attacks. For 3PAKE, it’s very vulnerable to side-channel attacks, because a very small leakage may completely expose the whole password. Therefore, it is very necessary to model and construct the leakage-resilient (LR) 3PAKE protocols. However, there is no previous works for standardizing the security models and designing the LR 3PAKE protocols.

In the paper, we first define a continuous after-the-fact (AF) LR (CAFLR) eCK security model for 3PAKE, where the leakages are continuous and are permitted after the adversary asks the test challenger. Then, we propose a LR 3PAKE protocol based on key derivation function (KDF) (Krawczyk 2008), leakage-resilient storage (LRS) (Davì et al. 2010) and leakage-resilient refreshing of LRS. At last, we show a formal security proof in the standard model based on the new CAFLR eCK security model.

The rest of the paper is arranged by the following. Section 2 reviews related works. Section 3 presents the used cryptography tools. Section 4 introduces the \(\lambda\)-CAFLR eCK security model for 3PAKE protocol. Section 5 describes the new protocol and its provable security. Finally, Sect. 6 shows the conclusions and the future works.

2 Related works

2.1 Traditional 3PAKE

The first password-based authenticated key exchange (PAKE) protocol was introduced by Bellovin and Merritt (1992). Bellare et al. (2000) and Mackenzie et al. (2000) first proposed the provably secure PAKE protocols and formally proved the security in the random oracle (RO) model. Then, Jin et al. (2007) and Farash and Attari (2014b) gave some improvements and generalizations to provably PAKE protocols in the RO model. In 2006, Goldreich and Lindell (2006) first showed a PAKE protocol that was secure in the standard model. Then, some efficient constructions for PAKE protocols in the standard model were presented (Katz et al. 2009, 2012; Ran et al. 2012; Goyal 2012). Ou et al. (2015) proposed a mutual authenticated PAKE protocol that is called explicit PAKE.

More precisely, the above PAKEs are called two-party PAKE protocols (2PAKE) that are fit for the client–server environment. However, in the large-scale client–client communication environment, 2PAKE protocols are impractical because it is infeasible for each two clients having a shared password and for each client remembering all passwords of all his communicating partners. Thus, three-party PAKE protocol (3PAKE) is proposed where a trusted server helps two communicating clients to generate a secure session key and each client shares his secret password with the trusted server in some form. A lot of 3PAKE protocols have been developed in which three main approaches were used, that were (1) Utilizing the public key of the server (Xie et al. 2013; Xiong et al. 2013), (2) Utilizing symmetric keys shared by the sever and clients (Zhao and Gu 2012; Yang and Cao 2012) and (3) without public key or symmetric algorithms (Wu et al. 2012; Tso 2013; Pu et al. 2013; Farash and Attari 2014a; Wang et al. 2018).

2.2 LR authenticated key exchange (AKE)

The study of LR protocols has attracted many researchers, for example, Li and Zhang (2013) designed a LR identity-based encryption scheme. The first formal LR security model for AKE protocol was defined by Moriyama and Okamoto (2011) who named it \(\lambda\)-LR eCK security model. According to the proposed security model, they showed the first LR AKE protocol and its formal security proof. The eCK security model (Lamacchia et al. 2007) and the CK security model (Canetti and Krawczyk 2001) are two main used security model for AKE. In the CK model the adversary could corrupt users to get the secret private keys, and the adversary of the eCK security model is much stronger, he not only could do any things that the adversary of the CK security model can do, but also he could corrupt users to get the ephemeral random secret keys. One central limitation of Moriyama D et al.’s construction is that the leakage attacks are only permissible before the adversary receives the test challenge. Then, After-the-fact (AF) LR security model was presented by Alawatugoda et al. (2014a), where leakages could happen after the adversary receives the test challenge. In 2014, a CAFLR CK-secure AKE protocol was gave by Alawatugoda et al. (2014a), and a bounded AFLR (BAFLR) eCK-secure AKE protocol was shown by Alawatugoda et al. (2014b). In 2015, a CAFLR eCK-secure AKE protocol was proposed by Alawatugoda et al. (2015). In 2016, Chen et al. (2016b) defined a strong AFLR eCK security model and showed a one-round CAFLR eCK-secure AKE protocol. In the new security model, they first considered the leakage attacks to ephemeral random secret keys. In 2017, Ou et al. (2017) first proposed an AFLR eCK-secure identity-based AKE protocol. However, it is very surprising that there has no previous work for LR 3PAKE protocols.

3 Preliminaries

In this section, we describe the used primitives, such as Decision Diffie-Hellman (DDH) assumption, KDF, LRS and leakage-resilient refreshing of LRS.

Notation: Let \({s}\buildrel \$ \over \longleftarrow \Omega\) denote that s is picked uniformly from a finite set \(\Omega\) at random.

Definition 1

(Negligible function) A negligible function \(\varepsilon (k)\) means for each positive integer \(c\ge 0\) there exists an integer \(k_c\) that \(\varepsilon (k)<k^{-c}\) holds for each \(k\ge k_c.\)

Definition 2

(Decision Diffie-Hellman (DDH) Assumption) A distinguishing game is used to formally define DDH assumption:

  1. 1.

    A challenger C generates (G, g) and send them to an adversary A, where G is a cyclic multiplicative group with a large prime order p and g is a random generator of G.

  2. 2.

    C randomly chooses \(x,y,z\buildrel \$ \over \longleftarrow Z_p^*\) and \(b\buildrel \$ \over \longleftarrow (0,1).\) If \(b = 1,\)C sends \((g^x,g^{y},g^{xy})\) to A, else A is given \((g^x,g^y,g^z).\)

  3. 3.

    A outputs his guessed bit \(b',\) and A wins if \(b'=b.\)

DDH assumption means that

$$\begin{aligned} Adv_{DDH} (A)=\vert \Pr [b'=b]-1/2\vert =\varepsilon (\cdot ), \end{aligned}$$

where \(Adv_{DDH} ({A})\) represents the advantage that A wins the above game and \(\varepsilon (\cdot )\) is a negligible function.

Definition 3

\((\varvec{\lambda } - Leakage-Resilient Storage)\) A \(\lambda\)-LRS includes two probabilistic polynomial time (PPT) algorithms (Encode, Decode) and a bounded leakage parameter \(\lambda \text{= }(\lambda _1 ,\lambda _2 ).\)

Encode: \(Encode(s)=s_L \times s_R,\) where s is an element chosen from the message space M, \(s_L \times s_R\) is the encoded output element in the encoding space \(L\times R.\)

Decode: \(Decode(s_L \times s_R )=s.\)

A LRS must satisfy the following two properties:

  1. I.

    Correctness of LRS. For each \(s\buildrel \$ \over \longleftarrow M,\) there has

    $$\begin{aligned} Decode(Encode(s))=s. \end{aligned}$$
  2. II.

    Security of LRS. A distinguishing game is shown as follows:

    1. 1.

      An adversary A picks two elements \((s_0 ,s_1 )\buildrel \$ \over \longleftarrow M\) at random and sends \((s_0 ,s_1 )\) to a challenger C.

    2. 2.

      C randomly selects a bit \(b\buildrel \$ \over \longleftarrow (0,1)\) and generates \(Encode(s_b )=s_b^L \times s_b^R.\)

    3. 3.

      For each round \(i=1,\dots ,t,\)A selects leakage functions \(f=(f_i^L ,f_i^R )\) and get the leakage \((f_i^L (s_b^L ),f_i^R (s_b^R ))\) back from C, where the total leakage size should be bounded by \((\lambda _1 ,\lambda _2 ),\)i.e., \(\sum \nolimits _1^t {f_i^L (s_b^L )} \le \lambda _1 \wedge \sum \nolimits _1^t {f_i^R (s_b^R )} \le \lambda _2.\)

    4. 4.

      A outputs his guessed bit \(b',\) and A wins if \(b'=b.\) The security of LRS means that

      $$\begin{aligned} Adv_{LRS} (A)=\varepsilon (\cdot ), \end{aligned}$$

      where \(Adv_{LRS} (A)\) denotes the advantage of A in winning the above game and \(\varepsilon (\cdot )\) is a negligible function.

Definition 4

\(((\lambda _{Refresh} ,\lambda )-Leakage-Resilient Refreshing of LRS)\) A leakage-resilient refreshing is a PPT algorithm Refresh with \(\lambda\)-LRS (Encode, Decode), a secret s and a bounded leakage amount \(\lambda _{Refresh} =(\lambda _{Refresh1} ,\lambda _{Refresh2} ).\)

Refresh: \(Refresh(s_L \times s_R )=s'_L \times s'_R\) where \(s_L \times s_R\) is the encoding value of the secret s.

A leakage-resilient refreshing of LRS should satisfy the following two properties:

  1. I.

    Correctness of leakage-resilient refreshing. For each \(s\buildrel \$ \over \longleftarrow, M\) there has

    $$\begin{aligned} Decode(s'_L \times s'_R )=D\text{ e }code(s_L \times s_R ). \end{aligned}$$
  2. II.

    \((\lambda _{Refresh} ,\lambda )\)-Security of leakage-resilient refreshing. A distinguishing game is shown as follows:

    1. 1.

      An adversary A picks two elements \((s_0 ,s_1 )\buildrel \$ \over \longleftarrow M\) at random and sends \((s_0 ,s_1 )\) to a challenger C.

    2. 2.

      C randomly selects a bit \(b\buildrel \$ \over \longleftarrow (0,1)\) and generates \(Encode(s_b )=s_{bL}^0 \times s_{bR}^0.\)

    3. 3.

      For each \(i=1,\dots ,\ell.\)A selects the i\(i\)th round leakage functions \(f_{Refresh\text{- }i} =(f_{Refresh\text{- }i}^L ,\)\(f_{Refresh\text{- }i}^R )\) and gets back the leakages \((f_{Refresh\text{- }i}^L (s_{bL}^i ),f_{Refresh\text{- }i}^R (s_{bR}^i ))\) from C, where \(f_{Refresh\text{- }i}^L (s_{bL}^i )\le \lambda _{Refresh1} \wedge f_{Refresh\text{- }i}^R (s_{bR}^i ) \le \lambda _{Refresh2}\); then, C refreshes the encodings,

      $$\begin{aligned} Refresh(s_{bL}^{i-1} \times s_{bR}^{i-1} )=s_{bL}^i \times s_{bR}^i , \end{aligned}$$
    4. 4.

      A outputs his guessed bit \(b'\), and A wins if \(b'=b\). The \((\lambda _{Refresh} ,\lambda )\)-security of leakage-resilient refreshing means that

      $$Adv_{Refresh-LRS} (A)=\varepsilon (\cdot ),$$

      where \(Adv_{Refresh-LRS} (A)\) denotes the advantage of A in winning the above game and \(\varepsilon (\cdot )\) is a negligible function.

Definition 5

(Dziembowski-Faust (DF) LRS Scheme) Suppose \(\text{ s }\in (Z_p^*)^m\) is a secret value with any \(\text{ m }\in \mathrm{N}\).

Encode: Choose a random \(s_L \buildrel \$ \over \longleftarrow (Z_p^*)^n\backslash \{(0^n)\}\) and generate \(s_R \in (Z_p^*)^{n\times \text{ m }}\) such that \(s_L \times s_R =s\), where \(\text{ n }\in \mathrm{N}\). Output \((s_L ,s_R )\).

Decode: \(Decode(s_L \times s_R )=s\).

Lemma 1

(Dziembowski and Faust 2011) If\(m<n/20\), Definition5 is a\(\lambda\)-secure LRS scheme with\(\lambda \text{=(0.3 }\cdot n\cdot \text{ log } \text{ p, } \text{0.3 }\cdot n\cdot {\log p)}\), named\(\Phi _{Z_p^*}^{n,m}\).

Lemma 2

(Dziembowski and Faust 2011) If\(m/3\le n\wedge n\ge 16\), there has a\((\lambda /2,\lambda )\)-secure leakage-resilient refreshing\(Refresh_{Z_p^*}^{n,m}\) for\(\Phi _{Z_p^*}^{n,m}\), where\(\Phi _{Z_p^*}^{n,m}\) is a\(\lambda\)-secure DF-LRS.

Definition 6

(key derivation function) KDF is a PPT algorithm that is used to compute a secret key with inputs (\(\sigma\), \(\ell\), r, c), i.e., k = KDF(\(\sigma\), \(\ell\), r, c), where \(\sigma\) denotes the source material of k, \(\ell\) is some public knowledge about \(\sigma\) such as its length, r is a salt value and c represents a context variable.

Security of KDF. A distinguishing game is defined as follows:

  1. 1.

    The challenger C chooses \((\sigma ,\ell )\) and sends them to an adversary A.

  2. 2.

    A randomly selects a value c and a salt value r.

  3. 3.

    C picks a random bit \(b\buildrel \$ \over \longleftarrow (0,1)\). If \(b = 1\), C calculates k=KDF(\(\sigma\), \(\ell\), r, c), else C picks a string s at random, and then give it to A, where the length of s and k is equal.

  4. 4.

    A outputs his guessed bit \(b'\), and A wins if \(b'=b\).

The security of KDF means that

$$\begin{aligned} Adv_{KDF} (A)=\varepsilon (\cdot ), \end{aligned}$$

where \(Adv_{KDF} ({A})\) denotes the advantage of A in winning the above game and \(\varepsilon (\cdot )\) is a negligible function.

4 The \(\lambda\)-CAFLR security model for 3PAKE

This section formally defines the \(\lambda\)-CAFLR security model for 3PAKE. The new model follows the only computation leakage (OCL) model, which assumes that leakage only occurs in the calculations associated with the secret password. In the\(\ \lambda\)-CAFLR security model an adversary A could continuously get arbitrarily leakages of the secret password, but for each instantiation of the protocol the amount of leakage is bounded by \(\lambda\). In each instantiation, A could adaptively select any PPT leakage functions \(f=(f_1 ,\ldots ,f_n )\) to obtain leakage of the password, and the overall amount of leakages is bounded by \(\lambda\), i.e., \(\sum {\left| {f_i (pw)} \right| } \le \lambda\). After receiving a leakage function \(f_i\) chosen by A, A will be given the leakage \(f_i (pw)\) of the long-term secret password.

4.1 System framework

The typical system model of 3PAKE protocols is shown in Fig. 1, in which has a server S and two clients A, B who seek to generate a shared session key k with the help of S. In this model, k is only learnt by two clients, and is not known by others including the server. S is semi-honest but curious, who will do exactly based on the protocol specifications but will collect and analyze any message he can get. Thus, the adversary A cannot get the users’ passwords from S, but he can activate leakage attacks.

Notations in the system framework:

Principal: is a party involved into a protocol instance. Each principal is either a client \(u\in U\) or a semi-honest server \(s\in S\). We assume there has only a single server in the set S. The client who activates the protocol is called the initiator principal. Each client principal has a password pw, computes H(pw) and gives it to S. Thus, S holds a table \(H(pw_s )= <H(pw_s [u])>_{u\in U}\) with a record for each client.

Session: represent a protocol instance with principals.

Oracle\(\Pi _{U,(S,V)}^t\): is the client principal U interacting with the server S and the intended principal V in the \(t\)th session.

Oracle\(\Pi _{S,(U,V)}^t\): is the server principal S in the \(t\)th session who helps the client U and V to generate a shared session key.

Fig. 1
figure 1

System model

Full size image

4.2 Adversarial powers

Adversarial powers are modelled by the following queries:

SendClient(\(\Pi _{U,(S,V)}^t\), m, f) query: Upon receiving SendClient query with a message m and a leakage function f, \(\Pi _{U,(S,V)}^t\) of \(t\)th the session will generate a normal protocol message produced based on the protocol specifications and the leakage \(f(pw_U )\) of the long-term password, and send them to the adversary A. A can activate a new protocol instance by asking SendClient(\(\Pi _{U,(S,V)}^t\), (start),( )) to the initiator principal.

SendServer(\(\Pi _{S,(U,V)}^t\), m, \(f_{1}\), \(f _{2})\) query: Upon receiving SendServer query with a message m and the leakage functions \(f_{1}\) and \(f _{2}\), \(\Pi _{S,(U,V)}^t\) of the \(t\)th session will generate the normal protocol messages produced based on the protocol specifications and the leakage \(s f_1 (pw_U )\) and \(f_2 (pw_V )\), and send them to A.

RevealSessionKey(\(\Pi _{U,(S,V)}^t )\) query: \(\Pi _{U,(S,V)}^t\) gives the session key of the \(t\)th session to A.

RevealClientEphemeralKey(\(\Pi _{U,(S,V)}^t )\) query: \(\Pi _{U,(S,V)}^t\) gives his random ephemeral key of the \(t\)th session to A.

RevealServerEphemeralKey(\(\Pi _{S,(U,V)}^t )\) query: \(\Pi _{S,(U,V)}^t\) gives his random ephemeral key of the \(t\)th session to A.

Corrupt(\(\Pi _{U,(S,V)}^t )\) query: \(\Pi _{U,(S,V)}^t\) gives his secret password pw\(_{U}\) to A.

Test(\(\Pi _{U,(S,V)}^t )\) query: Upon receiving a Test query, the challenger randomly chooses a bit \(b\buildrel \$ \over \longleftarrow (0,1)\), if b = 1 then A is given the actual session key, while a random key is given to A.

4.3 \(\lambda\)-CAFLR security model

In the \(\lambda\)-CAFLR security model, the total leakage amount of the secret password are bounded by the parameter \(\lambda\), i.e., \(\sum {\left| {f_i (pw)} \right| } \le \lambda\).

Definition 7

(Partners in CAFLR eCK security model) Two oracles \(\Pi _{U,(S,V)}^t\) and \(\Pi _{U',(S,V')}^{t'}\) are called partners if the followings satisfy:

  1. 1.

    Two oracles \(\Pi _{U,(S,V)}^t\) and \(\Pi _{U',(S,V')}^{t'}\) have produced a same session key;

  2. 2.

    \(U=V'\) and \(V=U'\);

  3. 3.

    \(t=t'\).

Definition 8

(\(\lambda\)-CAFLR-freshness) Assume \(f=(f_1 ,\ldots ,f_n )\) be n arbitrary PPT leakage functions for an instantiation of the protocol selected by the adversary A. An oracle \(\Pi _{U,(S,V)}^t\) is \(\lambda\)-CAFLR-fresh if the followings satisfy:

  1. 1.

    The oracle \(\Pi _{U,(S,V)}^t\) or its partner, \(\Pi _{V,(S,U)}^t\) (if it exists) has not been queried a RevealSessionKey.

  2. 2.

    If the partner \(\Pi _{V,(S,U)}^t\) exists, none of the followings has been queried:

    1. (a)

      Corrupt(\(\Pi _{U,(S,V)}^t )\) and RevealClientEphemeralKey(\(\Pi _{U,(S,V)}^t )\).

    2. (b)

      Corrupt (\(\Pi _{V,(S,U)}^t )\) and RevealClientEphemeralKey(\(\Pi _{V,(S,U)}^t )\).

    3. (c)

      RevealClientEphemeralKey(\(\Pi _{U,(S,V)}^t )\), RevealClientEphemeralKey(\(\Pi _{V,(S,U)}^t )\) and RevealServerEphemeralKey(\(\Pi _{S,(U,V)}^t )\).

  3. 3.

    If the partner \(\Pi _{V,(S,U)}^t\) does not exist, none of the followings has been queried:

    1. (a)

      Corrupt (\(\Pi _{U,(S,V)}^t )\) and RevealClientEphemeralKey(\(\Pi _{U,(S,V)}^t )\).

    2. (b)

      Corrupt (\(\Pi _{V,(S,U)}^t )\) .

    3. (c)

      RevealClientEphemeralKey(\(\Pi _{U,(S,V)}^t )\) and RevealServerEphemeralKey(\(\Pi _{S,(U,V)}^t )\).

  4. 4.

    For all SendClient (.,U, ., .,\(f_i )\) queries, \(\sum {\left| {f_i (pw_U )} \right| } \le \lambda\).

  5. 5.

    For all SendClient (.,V, ., .,\(f_i )\) queries, \(\sum {\left| {f_i (pw_V )} \right| } \le \lambda\).

  6. 6.

    For all SendServer (.,S, ., .,\(f_{1i}\), \(f_{2i} )\) queries, \(\sum {\left| {f_{1i} (pw_U )} \right| } \le \lambda \wedge \sum {\left| {f_{2i} (pw_V )} \right| } \le \lambda\).

Definition 9

(\(\lambda\)-CAFLR security game) \(\lambda -\)CAFLR security game is as follows:

  1. 1.

    An adversary A asks any of SendClient, SendServer, RevealSessionKey, RevealClientEphemeralKey, RevealServerEphemeralKey and Corrupt to any oracle as he wants.

  2. 2.

    A chooses a \(\lambda\)-CAFLR-fresh oracle and asks a Test query. Upon getting a Test query, the challenger C randomly selects a bit \(b\buildrel \$ \over \longleftarrow (0,1)\), if b = 1 then A is given the actual session key, while a random key is given to A.

  3. 3.

    A continues asking SendClient, SendServer, RevealSessionKey, RevealClientEphemeralKey, RevealServerEphemeralKey and Corrupt. All these queries should not violate the \(\lambda\)-CAFLR -freshness of the test oracle.

  4. 4.

    A outputs his guessed bit \(b'\), and A wins if \(b'=b\).

Definition 10

(\(\lambda\) -CAFLR security) \(\lambda -\)CAFLR security means that

$$\begin{aligned} Adv_{\text{3PAKE }}^{\lambda -CAFLR} =\vert \Pr [b'=b]-1/2\vert =N_S /N+\varepsilon (\cdot ), \end{aligned}$$

where \(Adv_{{3PAKE}}^{\lambda -{C}AFLR}\) represents the advantage that A wins \(\lambda\)-CAFLR security game in Definition 9, \(N_{S}\) is the number of sessions on a client principal, N denotes the size of the password dictionary that is shared by all clients, and \(\varepsilon (\cdot )\) is a negligible function.

In 3PAKE protocols, the on-line dictionary attack is unavoidable, and \(N_S /N\) is the success probability of the on-line dictionary attack. Thus, a \(\lambda\)-CAFLR secure 3PAKE protocol means that there hasn’t any PPT adversary that could win the above game with an advantage more than \(N_S /N\). There are many ways to limit the on-line dictionary attack, one of the most common methods is using a policy that blocks using a password if failed attempts have happened several times.

5 A new \(\lambda\)-CAFLR 3PAKE secure protocol

5.1 The proposed protocol

Figure 2 shows the proposed protocol, which includes the following two stages:

Fig. 2
figure 2

The LR 3PAKE protocol

Full size image

The initial setup stage:

Users U and V respectively compute \({s}_U {=}H{(pw}_U {)}\), \({s}_V = H{(pw}_V {)}\), and send \({s}_U\)/\({s}_V\) to the server S, in which \({s}_U\)/\({s}_V\) is an element of the group G. We suppose that these calculations are secretly computed and there hasn’t any leakage attack. Then, User U , V and the server S run a \(\lambda\)-secure DF-LRS scheme \(\Phi _{Z_p^*}^{n,1}\) respectively, pick \(u_L^0 \buildrel \$ \over \longleftarrow (Z_p^*)^n\backslash \{(0^n)\}\), \(v_L^0 \buildrel \$ \over \longleftarrow (Z_p^*)^n\backslash \{(0^n)\}\), and \(su_L^0 \buildrel \$ \over \longleftarrow (Z_p^*)^n\backslash \{(0^n)\}\), \(sv_L^0 \buildrel \$ \over \longleftarrow (Z_p^*)^n\backslash \{(0^n)\}\) at random and generates \(a_{R}^0 \in (Z_p^*)^{n\times 1}\), \(b_{R}^0 \in (Z_p^*)^{n\times 1}\) and \(su_{R}^0 \in (Z_p^*)^{n\times 1}\), \(sv_{R}^0 \in (Z_p^*)^{n\times 1}\)such that \(u_L^0 \cdot u_R^0 =s_U\), \(v_L^0 \cdot v_R^0 =s_V\) and \(su_L^0 \cdot su_R^0 =s_U\), \(sv_L^0 \cdot sv_R^0 =s_V\).

The protocol execution stage:

Step 1. User U picks a number \(x\buildrel \$ \over \longleftarrow Z_p^*\) at random, calculates \({X}=g^x,T_{U1} ={g}^{u_L^i }\), \(T_{U2} =(T_{U1} )^{u_R^i }\) and \(T_U =X\cdot T_{U2}\), then sends \((U,V,T_U )\) to S.

Step 2. Upon receiving \((U,V,T_U )\), the server chooses a number \(z\buildrel \$ \over \longleftarrow Z_p^*\) at random, computes

$$\begin{aligned} z\buildrel \$ \over \longleftarrow Z_p^*,T_{SU1}= & {} {g}^{su_L^i },T_{SU2} =(T_{SU1} )^{su_R^i }, \\ T_{SV1}= & {} {g}^{sv_L^i },T_{SV2} =(T_{SV1} )^{sv_R^i }, \\ X_S= & {} T_U /T_{SU2} ,T_{SV} =(X_S )^z\cdot T_{SV2} ,\\ \end{aligned}$$

then sends \((U,V,T_{SV} )\) to V.

Step 3. Upon receiving \((U,V,T_{SV} )\), user V randomly picks a number \(y\buildrel \$ \over \longleftarrow Z_p^*\), computes \({Y}=g^y,T_{V1} ={g}^{v_L^i }\), \(T_{V2} =(T_{V1} )^{v_R^i }\) and \(T_V =Y\cdot T_{V2}\), then sends \((U,V,T_V )\) to S.

Step 4. Upon receiving \((U,V,T_V )\), S computes \(Y_S =T_V /T_{SV2}\), \(T_{SU} =(Y_S )^z\cdot T_{SU2}\), then sends \((U,V,T_{SU} )\) to U.

Step 5. Two users generate the session key and refresh the store encodings. U computes \(K_U =({T}_{SU} /T_{U2} )^x\) and \(k_{uv} =KDF(U,V,K_U )\), then refresh the store pieces with

$$\begin{aligned} (u_L^{i+1} ,u_R^{i+1} )\leftarrow ~\text {Refresh}_{Z_p^*}^{n,1} (u_L^i ,u_R^i ). \end{aligned}$$

And, V also computes \(K_V =({T}_{SV} /T_{V2} )^y\) and \(k_{uv}\) = KDF(U, V, \(K_V )\), then refresh the store pieces with

$$\begin{aligned} (v_L^{i+1} ,v_R^{i+1} )\leftarrow ~\text {Refresh}_{Z_p^*}^{n,1} (v_L^i ,v_R^i ). \end{aligned}$$

Correctnessof the proposed protocol

Since,

$$\begin{aligned} \begin{array}{l} T_{U2} =(g)^{su_L^i \cdot su_R^i }=g^{s_U }=T_{SU2} =(g)^{su_L^i \cdot su_R^i }=g^{s_U } \\ T_{V2} ==g^{s_V }=T_{SV2} \\ Y_S =T_V /T_{SV2} =Y\cdot T_{V2} /T_{SV2} =Y \\ K_U =({T}_{SU} /T_{U2} )^x=((Y_S )^z\cdot T_{SU2} /T_{U2} )^x=(Y_S )^{xz}=Y^{xz}=g^{xyz} \\ \end{array} \end{aligned}$$

By the same way, we get

$$\begin{aligned} K_V =g^{xyz}. \end{aligned}$$

Thus, \(KDF(U,V,K_U )=KDF(U,V,K_V )\), i.e., the proposed protocol is correct.

5.2 Security proof

Theorem 1

If DDH assumption is hard, the leakage-resilient refreshing of LRS is \((2\lambda ,\lambda )\)-secure and KDF is secure, the new 3PAKE protocol is \(\lambda\)-CAFLR eCK-secure, i.e.,

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR}\le & {} N_S /N+N_P^2 N_S^2 (Adv_{DDH} {+}Adv_{Refresh-LRS} \\&+\,Adv_{KDF} ), \end{aligned}$$

where \(Adv_{{3PAKE}}^{\lambda -{C}AFLR}\) denotes the advantage of an adversary A in winning the \(\lambda\) CAFLR security game of the proposed protocol \(Adv_{DDH}\), \(Adv_{KDF}\), \(Adv_{Refresh-LRS}\) represent advantages of A in winning the security game of DDH, KDF and leakage-resilient refreshing of LRS, respectively, and \(N_{P}\) is the number of protocol client principals, \(N_{S}\) denotes the number of sessions on a client principal, N is the password dictionary’s size.

Our formal proof is based on the game hopping technique. First, we give a sequence of games in which Game 1 is the original \(\lambda\)-CAFLR security game and the advantages of the last Game is negligible; Second, we show that each game is not distinguished from its previous game. Thus, we get that the advantages of the original \(\lambda\)-CAFLR security game is negligible.

Proof .  The proof could be divided into two main cases: (1) a partner to the test oracle exists, and (2) it does not exist.

Case 1. A partner to the test oracle exists

In this case, the adversary A is a passive adversary who only collects the protocol messages. We split its proofs into three sub cases as follows:

  1. 1.

    A asks corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries. In this case, A could get the long-term secret password \(pw_U\) and \(pw_V\).

  2. 2.

    A asks one of corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries. In this case, A could not get one long-term secret password of two principles.

  3. 3.

    A asks none of corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries. In this case, A could not get any long-term secret passwords of two principles.

Case 1.1 A asks corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries

In this case, A could get the long-term secret passwords \(pw_U\) and \(pw_V\) by corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries, thus, leakage attacks don’t need to consider. And A could learn the server’s random key z by RevealServerEphe- meralKey(\(\Pi _{S,(U,V)}^t )\), but A could not ask queries RevealClientEphemeralKey(\(\Pi _{{U},(S,V)}^t\)) and RevealClientEphemeralKey(\(\Pi _{V,(S,U)}^t\)) in order not to violate \(\lambda\)-CAFLR-freshness of Test oracle.

Game 1: This is the original \(\lambda\)-CAFLR security game.

Game 2: Game 2 and Game 1 only have the following differences: A selects two different client principals \(U^*, V^*\)\(\buildrel \$ \over \longleftarrow \{{u}_1 ,\ldots ,{u}_{N_p } \}\) and two numbers \(t^*,r^*\buildrel \$ \over \longleftarrow \{1,\ldots ,N_s \}\) at random. Then, A begin to activate Game 2 and chooses the oracle \(\Pi _{{U^*},(S,V^*)}^{t^*}\) as the target oracle and \(\Pi _{{V^*},(S,U^*)}^{r^*}\) as the partner oracle. If the test oracle is not \(\Pi _{{U^*},(S,V^*)}^{t^*}\) or the partner oracle is not \(\Pi _{{V^*},(S,U^*)}^{r^*}\), Game 2 challenger C exists and terminates Game 2.

Game 3: Game 3 and Game 2 only have the following differences: C calculates \(k_{U^*V^*} =KDF(U^*,V^*,(g^{z})^r)\) where \(r\buildrel \$ \over \longleftarrow Z_p^*\). Then, upon receiving a Test(\(\Pi _{{U^*},(S,V^*)}^{t^*} )\) or Test(\(\Pi _{{V^*},(S,U^*)}^{r^*} )\) query, C gives \(k_{U^{*}V{*}}\) to A.

Game 4: Game 4 and Game 3 only have the following differences: C selects a random key \(k_{U^{*}V^{*}} \buildrel \$ \over \longleftarrow \{0,1\}^k\). Then, upon getting a Test(\(\Pi _{{U^*},(S,V^*)}^{t^*} )\) or Test(\(\Pi _{{V^*},(S,U^*)}^{r^*} )\) query, C gives \(k_{U^{*}V^{*}}\) to A.

Differences between games: The followings show that each game t is not distinguished from its previous game \(t-1\). Let \({A}dv_{Game t} (A)\) be the advantage that A wins Game t.

Game 1: In the original game, there has

$$\begin{aligned} {A}dv_{Game 1} (A)=Adv_{{3PAKE}}^{\lambda -{C}AFLR} \qquad \qquad \qquad \qquad ({\mathrm{I}}) \end{aligned}$$

Game 1 and Game 2: If the test oracle is \(\Pi _{{U^*},(S,V^*)}^{t^*}\) and the partner oracle is \(\Pi _{{V^*},(S,U^*)}^{r^*}\), Game 2 is consistent with Game 1. The probability that A correctly selects a test session and a partner is \(1/{N_P^2 N_S^2 }\). Therefore

$$\begin{aligned} {A}dv_{Game 2} (A)=\frac{1}{N_P^2 N_S^2}{A}dv_{Game 1} (A) \qquad \qquad \qquad \qquad ({\mathrm{II}}) \end{aligned}$$

Game 2 and Game 3: In Game 2 \(k_{U^*V^*} =KDF(U^*,V^*\),

\((g^{z})^{xy})\), while in Game 3 \(k_{U^*V^*} = KDF(U^*,V^*,(g^{z})^r)\). From DDH assumption there has

$$\begin{aligned} {\vert A}dv_{Game 2} (A)-{A}dv_{Game 3} (A)\vert {=}Adv_{DDH} \qquad \qquad \qquad \qquad ({\mathrm{III}}) \end{aligned}$$

Game 3 and Game 4: In Game 3 \(k_{U^*V^*} =KDF(U^*,V^*\), \((g^{z})^r)\), while \(k_{U^{*}V^{*}} \buildrel \$ \over \longleftarrow \{0,1\}^k\) in Game 4. Because KDF is secure, there has

$$\begin{aligned} {\vert A}dv_{Game 3} (A)-{A}dv_{Game 4} (A)\vert \le Adv_{KDF} \qquad \qquad \qquad \qquad \qquad ({\mathrm{IV}}) \end{aligned}$$

Game 4: In Game 4 the session key \(k_{U^{*}V^{*}}\) is a random string that doesn’t depends on any information. Therefore

$$\begin{aligned} {A}dv_{Game 4} (A)=0 \qquad \qquad \qquad \qquad ({\mathrm{V}}) \end{aligned}$$

Using equations (I)–(V) we get

$$\begin{aligned} {Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le N_P^2 N_S^2 (Adv_{KDF} +Adv_{DDH} ).} \end{aligned}$$

Case 1.2 A ask one of corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries

For simplify, suppose A asks corrupt(\(\Pi _{{U},(S,V)}^t\)) query.

In this case, A can learn the long-term secret password \(pw_U\) by corrupt(\(\Pi _{{U},(S,V)}^t\)) query, and learn the random key y and z by RevealClientEphemeralKey(\(\Pi _{V,(S,U)}^t\)) and RevealServerEphemeralKey(\(\Pi _{S,(U,V)}^t )\), but A could not ask queries RevealClientEphemeralKey(\(\Pi _{{U},(S,V)}^t\)) in order not to violate \(\lambda\)-CAFLR-freshness of Test oracle.

Game 1: It is the original game.

Game 2: Consistent with Game 2 in Case 1.1.

Game 3: Game 3 and Game 2 only have the following differences: C picks a random \({s}_{{V^*}} \buildrel \$ \over \longleftarrow Z_p^*\), encodes \((v_L^0 ,v_R^0 )=\)\(Encode(s_{V^*} )\) and \((sv_L^0 ,sv_R^0 ) =\)\(Encode(s_{V^*} )\), and continues refreshing the two encodings, then uses them to simulate the answers to A’s leakage function of the client principal V* and the server S.

Game 4: Game 4 and Game 3 only have the following differences: C calculates \(k_{U^*V^*} =KDF(U^*,V^*,(g^{{yz}})^{x'})\) where \(x'\buildrel \$ \over \longleftarrow Z_p^*\). Upon receiving a Test(\(\Pi _{{U^*},(S,V^*)}^{t^*} )\) or

Test(\(\Pi _{{V^*},(S,U^*)}^{r^*} )\) query, C gives \(k_{U^{*}V{^*}}\) to A.

Game 5: Consistent with Game 4 in Case 1.1.

Differences between games:

Game 1:

$$\begin{aligned} {A}dv_{Game 1} (A)=Adv_{{AKE}}^{\lambda -{C}AFLR eCK} \qquad \qquad \qquad \qquad ({\mathrm{I}}) \end{aligned}$$

Game 1 and Game 2: Consistent with Game 1 and Game 2 in Case 1.1.

$$\begin{aligned} {A}dv_{Game 2} (A)=\frac{1}{N_P^2 N_S^2}{A}dv_{Game 1} (A) \qquad \qquad \qquad \qquad ({\mathrm{II}}) \end{aligned}$$

Game 2 and Game 3: In Game 2 the leakage of the password \({pw}_V\) is the real leakage of \(s_V =H{(pw}_V {)}\), while the leakage is a leakage of a random value \({s}_{V^*}\)in Game 3. Because the leakage-resilient refreshing of LRS is secure, there has

$$\begin{aligned} {\vert A}dv_{Game 2} (A)-{A}dv_{Game 3} (A)\vert \le Adv_{Refresh-LRS} \qquad \qquad \qquad \qquad ({\mathrm{III}}) \end{aligned}$$

Game 3 and Game 4: In Game 2 \(k_{U^*V^*} =KDF(U^*,V^*\), \((g^{{yz}})^x)\), while in Game 3 \(k_{U^*V^*} =KDF(U^*,V^*\), \((g^{{yz}})^{x'})\). Because \(x'\) is chosen at random and independent on x, \((g^{{yz}})^x\) and \((g^{{yz}})^{x'}\) are perfectly indistinguishable. Therefore,

$$\begin{aligned} {\vert A}dv_{Game 3} (A)-{A}dv_{Game 4} (A)\vert =0 \qquad \qquad \qquad \qquad ({\mathrm{IV}}) \end{aligned}$$

Game 4 and Game 5: Consistent with Game 3 and Game 4 in Case 1.1.

$$\begin{aligned} {\vert A}dv_{Game 4} (A)-{A}dv_{Game 5} (A)\vert \le Adv_{KDF} \qquad \qquad \qquad \qquad ({\mathrm{V}}) \end{aligned}$$

Game 5: Consistent with Game 4 in Case 1.1.

$$\begin{aligned} {A}dv_{Game 5} (A)=0 \qquad \qquad \qquad \qquad ({\mathrm{VI}}) \end{aligned}$$

Using equations (I)–(VI) we get

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le N_P^2 N_S^2 (Adv_{Refresh-LRS} +Adv_{KDF} ). \end{aligned}$$

Case 1.3 A ask none of corrupt(\(\Pi _{{U},(S,V)}^t\)) and corrupt(\(\Pi _{V,(S,U)}^t\)) queries

In this case, A could get the random keys x and y by RevealClientEphemeralKey(\(\Pi _{{U},(S,V)}^t\)) and RevealClientEphe-meralKey(\(\Pi _{V,(S,U)}^t\)), but A could not ask RevealServerEph-emeralKey (\(\Pi _{S,(U,V)}^t )\) query in order not to violate \(\lambda\)-CAFLR-freshness of Test oracle.

Game 1: It is the original game.

Game 2: Consistent with Game 2 in Case 1.1.

Game 3: Game 3 and Game 2 only have the following differences: C picks \({s}_{{V^*}} \buildrel \$ \over \longleftarrow Z_p^*\) encodes \((v_L^0 ,v_R^0 ){=}Encode(s_{V^*} )\) and \((sv_L^0 ,sv_R^0 ){=}Encode(s_{V^*} )\) , and continues refreshing the two encodings, then uses them to simulate the answers to A’s leakage function of the principal V* and the server S. By the same way, C picks \({s}_{{U^*}} \buildrel \$ \over \longleftarrow Z_p^*\)at random, encodes it and continues refreshing them, then simulate the answers to A’s leakage function of the principal U* and the server S.

Game 4: Game 4 and Game 3 only have the following differences: C generates \(k_{U^*V^*} =KDF(U^*,V^*,(g^{xy})^{z'})\) where\(\ z'\buildrel \$ \over \longleftarrow Z_p^*\). Upon receiving a Test(\(\Pi _{{U^*},(S,V^*)}^{t^*} )\) or

Test(\(\Pi _{{V^*},(S,U^*)}^{r^*} )\) query, C gives \(k_{U^{*}V^*}\) to A.

Game 5: Consistent with Game 4 in Case 1.1.

Differences between games:

The analyze is almost consistent with Case 1.2, and there has

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le N_P^2 N_S^2 (Adv_{Refresh-LRS} +Adv_{KDF} ). \end{aligned}$$

Case 2 A partner oracle to the test oracle does not exist.

In this case, A is an active adversary. He may masquerade as the intended partner principal V and run the protocol with the test oracle \(\Pi _{{U},(S,V)}^t\). Therefore, A could not ask a corrupt (\(\Pi _{V,(S,U)}^t\)) query to get the password of V. But, A can ask the corrupt(\(\Pi _{{U},(S,V)}^t\)) query to get the password of U. We spilt its proof into two sub cases as follows:

  1. 1.

    A asks corrupt(\(\Pi _{{U},(S,V)}^t\)) query. In this case, A could get the secret password \(pw_U\).

  2. 2.

    A doesn’t ask corrupt(\(\Pi _{{U},(S,V)}^t\)). In this case, A could not get the secret password \(pw_U\).

Case 2.1 A asks a corrupt(\(\Pi _{{U},(S,V)}^t\)) query

In this case, A can learn the long-term secret password \(pw_U\) by corrupt(\(\Pi _{{U},(S,V)}^t\)) query, and learn the random key y and z by RevealClientEphemeralKey(\(\Pi _{V,(S,U)}^t\)) and Reveal-ServerEphemeralKey(\(\Pi _{S,(U,V)}^t )\), but A could not ask queries RevealClientEphemeralKey(\(\Pi _{{U},(S,V)}^t\)) in order not to violate \(\lambda\)-CAFLR-freshness of Test oracle.

Game 1: It is the original game.

Game 2: Game 2 and Game 1 only have the following differences: A selects a password \({pw'}_V\), computes \({s'}_V {=}H{(pw'}_V {)}\), encodes it, then uses the encodings of \({s'}_V\) to generate the message based on the protocol specifications.

Table 1 Security comparison of AKE protocols
Full size table

Game 3: Game 3 and Game 2 only have the following differences: A first chooses two different principals \(U^*,V^*\buildrel \$ \over \longleftarrow \{{u}_1 ,\ldots ,{u}_{N_p } \}\) and two numbers \(t^*,r^*\buildrel \$ \over \longleftarrow \{1,\ldots ,N_s \}\) at random. Then, A begin to activate Game 3 and chooses the oracle \(\Pi _{{U^*},(S,V^*)}^{t^*}\) as the target oracle. If the test oracle is not \(\Pi _{{U^*},(S,V^*)}^{t^*}\)C exits and terminates Game 3.

Game 4: Consistent with Game 3 in Case 1.2.

Game 5: Consistent with Game 4 in Case 1.2.

Game 6: Consistent with Game 4 in Case 1.1.

Differences between games

$$\begin{aligned} {\mathrm{Game 1:}}\, {A}dv_{Game 1} (A)=Adv_{{3PAKE}}^{\lambda -{C}AFLR} \quad \quad \quad \quad \quad \quad \quad {\mathrm{(I)}} \end{aligned}$$

Game 1 and Game 2: if \({pw'}_V {=pw}_V\), Game 2 is consistent with Game 1, otherwise Game 2 is independent on Game 1. The probability that \({pw'}_V ={pw}_V\) is \(N_s/N\). Therefore

$$\begin{aligned} {\vert A}dv_{Game 2} (A){-A}dv_{Game 1} (A)\vert =\frac{N_s}{N} \quad \quad \quad \quad \quad \quad \quad {\mathrm{(II)}} \end{aligned}$$

Game 2 and Game 3: The analysis is consistent with Game 1 and Game 2 in Case 1.1.

$$\begin{aligned} {A}dv_{Game 3} (A)=\frac{1}{N_P^2 N_S^2}{A}dv_{Game 2} (A) \quad \quad \quad \quad \quad \quad \quad {\mathrm{(III)}} \end{aligned}$$

Game 3 and Game 4: The analysis is consistent with Game 2 and Game 3 in Case 1.2

$$\begin{aligned} {\vert A}dv_{Game 2} (A)-{A}dv_{Game 3} (A)\vert \le Adv_{Refresh-LRS} \quad \quad \quad \quad \quad \quad \quad {\mathrm{(IV)}} \end{aligned}$$

Game 4 and Game 5: The analysis is consistent with Game 3 and Game 4 in Case 1.2.

$$\begin{aligned} {\vert A}dv_{Game 4} (A)-{A}dv_{Game 5} (A)\vert =0 \quad \quad \quad \quad \quad \quad \quad {\mathrm{(V)}} \end{aligned}$$

Game 5 and Game 6: The analysis is consistent with Game 4 and Game 5 in Case 1.2.

$$\begin{aligned} {\vert A}dv_{Game 5} (A)-{A}dv_{Game 6} (A)\vert \le Adv_{KDF} \quad \quad \quad \quad \quad \quad \quad {\mathrm{(VI)}} \end{aligned}$$

Game 6: The analysis is consistent with Game 4 in Case 1.1

$$\begin{aligned} {A}dv_{Game 6} (A)=0 \quad \quad \quad \quad \quad \quad \quad {\mathrm{(VII)}} \end{aligned}$$

Using equations (I)–(VI) we get we get

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le N_S /N+N_P^2 N_S^2 (Adv_{Refresh-LRS} +Adv_{KDF} ). \end{aligned}$$

Case 2.2 A cannot ask a corrupt(\(\Pi _{{U},(S,V)}^t\))query

In this case, A could get the random keys x and y by RevealClientEphemeralKey(\(\Pi _{{U},(S,V)}^t\)) and RevealClientEphe-meralKey (\(\Pi _{V,(S,U)}^t\)), but A could not ask RevealServerEphe-meralKey (\(\Pi _{S,(U,V)}^t )\) query in order not to violate \(\lambda\)-CAFLR-freshness of Test oracle.

Game 1: It is the original game.

Game 2: Consistent with Game 2 in Case 2.1.

Game 3: Consistent with Game 3 in Case 2.1.

Game 4: Consistent with Game 3 in Case 1.3.

Game 5: Consistent with Game 4 in Case 1.3.

Game 6: Consistent with Game 4 in Case 1.1.

Differences between games:

The analysis is almost consistent with Case 2.1, and there has

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le \frac{N_S}{N}+N_P^2 N_S^2 (Adv_{Refresh-LRS} +Adv_{KDF} ). \end{aligned}$$

From Case 1 and Case 2 we get

$$\begin{aligned} Adv_{{3PAKE}}^{\lambda -{C}AFLR} \le&\frac{N_S}{N}+N_P^2 N_S^2 (Adv_{DDH} \\&+Adv_{Refresh-LRS} +Adv_{KDF} ). \end{aligned}$$

5.3 Protocol analysis

We compare our proposed protocol with all other LR AKE protocols. The result is given in Table 1, From which we could learn that: (1) the new protocol is the first LR 3PAKE protocol; (2) it is secure in the CAFLR eCK-security model, while (Moriyama and Okamoto 2011) only captured the leakage attacks that happen before the test session was chosen, (Alawatugoda et al. 2014a) just showed the security proof in the CK model; (3) it is proven in the standard model, while (Alawatugoda et al. 2014b) and (Alawatugoda et al. 2015) only proved the security in the RO mode.

6 Conclusions and future works

By combining the OCL model and eCK-security 3PAKE model appropriately, we first give a CAFLR eCK security model for 3PAKE. Then, we propose a LR 3PAKE protocol and show its detailed formal security proof in the standard model. The new protocol could be used to provide secure communications and identity authentications for the leakage environments such as Mobile Internet, Wireless Networks and Sensor Networks. Our future work includes at least the following two directions. Firstly, the multi-user and group settings are very common application environments, for example, Yamamoto (2016) proposed a secure group discussion system for active learning using smartphone. We will extend our approaches to the multi-user and group settings. Secondly, efficiency is very important in some specific environments such as time-critical and low end-to-end delay pay-TV and the power grid scenarios (Wang et al. 2016). We will look for optimization methods to improve efficiency of our construction because mobile devices and IoT devices in general are very limited in computational resources.