Gateway-oriented password-authenticated key exchange protocol in the standard model

A gateway-oriented password-based authenticated key exchange (GPAKE) is a 3-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. GPAKE protocols are suitable for mobile communication environments such as GSM (Global System for Mobile Communications) and 3GPP (The Third Generation Partnership Project). To date, most of the published protocols for GPAKE have been proven secure in the random oracle model. In this paper, we present the first provably-secure GPAKE protocol in the standard model. It is based on the 2-party password-authenticated key exchange protocol of Jiang and Gong. The protocol is secure under the DDH assumption (without random oracles). Furthermore, it can resist undetectable on-line dictionary attacks. Compared with previous solutions, our protocol achieves stronger security with similar efficiency.