Security analysis of SPAKE2+

Victor Shoup

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We show that a slight variant of Protocol SPAKE2 +, which was presented but not analyzed in [17], is a secure asymmetric password-authenticated key exchange protocol (PAKE), meaning that the protocol still provides good security guarantees even if a server is compromised and the password file stored on the server is leaked to an adversary. The analysis is done in the UC framework (i.e., a simulation-based security model), under the computational Diffie-Hellman (CDH) assumption, and modeling certain hash functions as random oracles. The main difference between our variant and the original Protocol SPAKE2 + is that our variant includes standard key confirmation flows; also, adding these flows allows some slight simplification to the remainder of the protocol. Along the way, we also (i) provide the first proof (under the same assumptions) that a slight variant of Protocol SPAKE2 from [5] is a secure symmetric PAKE in the UC framework (previous security proofs were all in the weaker BPR framework [7]); (ii) provide a proof (under very similar assumptions) that a variant of Protocol SPAKE2 + that is currently being standardized is also a secure asymmetric PAKE; (iii) repair several problems in earlier UC formulations of secure symmetric and asymmetric PAKE.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 18th International Conference, TCC 2020, Proceedings
EditorsRafael Pass, Krzysztof Pietrzak
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages30
ISBN (Print)9783030643805
StatePublished - 2020
Event18th International Conference on Theory of Cryptography, TCCC 2020 - Durham, United States
Duration: Nov 16 2020Nov 19 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12552 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference18th International Conference on Theory of Cryptography, TCCC 2020
Country/TerritoryUnited States

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Security analysis of SPAKE2+'. Together they form a unique fingerprint.

Cite this