Skip to main content

CPace, a balanced composable PAKE

Document Type Replaced Internet-Draft (cfrg RG)
Author Björn Haase
Last updated 2020-07-14 (Latest revision 2020-02-07)
Replaced by draft-irtf-cfrg-cpace
Stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Expired & archived
plain text xml htmlized pdfized bibtex
Stream IRTF state Replaced
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Replaced by draft-irtf-cfrg-cpace
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


This document describes CPace which is a protocol for two parties that share a low-entropy secret (password) to derive a strong shared key without disclosing the secret to offline dictionary attacks. This method was tailored for constrained devices, is compatible with any group of both prime- and non-prime order, and comes with a security proof providing composability guarantees.


Björn Haase

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)