Practical Efficiency of Password Authenticated Key Exchange Protocols

Encryption and decryption mechanisms, requiring a public algorithm and a secure key, are a way of having a confidential communication over an insecure network, like the Internet. This raises the Key Exchange Problem, informally, the process by which two entities decide on a shared secure key in the unauthenticated network. Password Authenticated Key Exchange (PAKE) protocols attempt to solve the problem by assuming a common secret, such as a shared password, between the parties, which is used to generate the secure key. Our work focuses on such PAKE protocols in an attempt to understand their practical efficiency. Therefore, we implemented certain studied PAKE protocols by applying them to a simple text messaging system. We further tested their practicality through described timing experiments. The Simple Password-based Authentication Key Exchange (SPAKE) protocol and Password Authenticated Key Exchange by Juggling (JPAKE) protocol are two such protocols that we focused on. In working towards an understanding of password-based protocols, as background, this work also reviews certain protocols for Key Exchange within both Private-Key Cryptography and Public-Key Cryptography.