Three-party password-authenticated key exchange without random oracles

Password-authenticated key exchange (PAKE) in the 3-party setting is where two clients, who do not share a password between themselves but only with a server, establish a common session key with the help of the server. Abdalla, Fouque and Pointcheval were the first formally to address 3-party PAKE issue and presented a natural and generic construction from any 2-party PAKE protocols. Soon after, Abdalla and Pointcheval presented a more efficient 3-party PAKE protocol and proved its security in the random oracle model. In this paper, we present a new 3-party PAKE protocol on the basis of identity-based encryption and ElGamal encryption schemes. In our protocol, the client needs to remember passwords and the server´s identity only while the server keeps passwords in addition to a private key related to its identity. We have put forth a formal model of security for ID-based 3-party PAKE, and provided a rigorous proof of security for our protocol without random oracles.