The information below is for an old version of the document
Document Type Expired Internet-Draft (cfrg RG)
Authors Watson Ladd  , Benjamin Kaduk 
Last updated 2019-09-12 (latest revision 2019-03-11)
Replaces draft-ladd-spake2
Stream Internet Research Task Force (IRTF)
Expired & archived
plain text xml pdf htmlized bibtex
Stream IRTF state Active RG Document
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes SPAKE2 and its augmented variant SPAKE2+, which are protocols for two parties that share a password to derive a strong shared key with no risk of disclosing the password. This method is compatible with any prime order group, is computationally efficient, and SPAKE2 (but not SPAKE2+) has a security proof.


Watson Ladd (
Benjamin Kaduk (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)