Cryptanalysis of Guo et al.’s three-party password-based authenticated key exchange (G-3PAKE) protocol

In 2008, Guo et al. have shown that Lu and Cao's simple three-party protocol for password- authenticated key exchanges (S-3PAKE) is indeed completely insecure against a kind of man- in-the-middle attack and the undetectable on-line password guessing attack. In addition, they have provided an improved protocol (G-3PAKE) that addresses the identified security problems. However, this paper demonstrates G-3PAKE protocol still falls to undetectable on-line password guessing attack by any other client.