%% You should probably cite draft-irtf-cfrg-augpake-09 instead of this revision. @techreport{irtf-cfrg-augpake-06, number = {draft-irtf-cfrg-augpake-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-irtf-cfrg-augpake/06/}, author = {SeongHan Shin and Kazukuni Kobara}, title = {{Augmented Password-Authenticated Key Exchange (AugPAKE)}}, pagetotal = 20, year = 2016, month = jul, day = 18, abstract = {This document describes a secure and highly-efficient augmented password-authenticated key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary whose space is within the off-line dictionary attacks. The AugPAKE protocol described here is secure against passive attacks, active attacks and off-line dictionary attacks (on the obtained messages with passive/active attacks). Also, this protocol provides resistance to server compromise in the context that an attacker, who obtained the password verifier from the server, must at least perform off-line dictionary attacks to gain any advantage in impersonating the user. The AugPAKE protocol is not only provably secure in the random oracle model but also the most efficient over the previous augmented PAKE protocols (SRP and AMP).}, }