SPAKE2+, an Augmented PAKE

Document Type Expired Internet-Draft (individual)
Authors Tim Taubert  , Christopher Wood 
Last updated 2021-06-13 (latest revision 2020-12-10)
Stream Independent Submission
Intended RFC status Informational
Expired & archived
pdf htmlized bibtex
Stream ISE state Submission Received
Consensus Boilerplate Unknown
Document shepherd Adrian Farrel
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes SPAKE2+, a Password Authenticated Key Exchange (PAKE) protocol run between two parties for deriving a strong shared key with no risk of disclosing the password. SPAKE2+ is an augmented PAKE protocol, as only one party has knowledge of the password. This method is simple to implement, compatible with any prime order group and is computationally efficient.


Tim Taubert (
Christopher Wood (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)