Skip to main content

CPace, a balanced composable PAKE

Document Type Replaced Internet-Draft (cfrg RG)
Expired & archived
Author Björn Haase
Last updated 2020-07-14 (Latest revision 2020-02-07)
Replaced by draft-irtf-cfrg-cpace
RFC stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream IRTF state Replaced
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Replaced by draft-irtf-cfrg-cpace
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes CPace which is a protocol for two parties that share a low-entropy secret (password) to derive a strong shared key without disclosing the secret to offline dictionary attacks. This method was tailored for constrained devices, is compatible with any group of both prime- and non-prime order, and comes with a security proof providing composability guarantees.


Björn Haase

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)