A Password-Authenticated Key Agreement Scheme Based on ECC Using Smart Cards

Public Key Cryptography (PKC) is recently playing an essential role in electronic banking and financial transactions. Elliptic Curve Cryptography (ECC) is one of the best public key techniques for its small key size and high security and is suitable for secure access of smart cards because implementation on smart cards is challenging due to memory, bandwidth, and computation constraints. In this paper, we proposed a password-authenticated key agreement scheme based on ECC. Our scheme provides more guarantees in security as follows: 1) the computation and communication cost is very low; 2) a user can freely choose and change his own password; 3) the privacy of users can be protected; 4) it generates a session key agreed upon by the user and the server; 5) it provides both implicit key and explicit key confirmation; and 6) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised. And yet, our scheme is simpler and more efficient for smart card authentication.