The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol
RFC 8133

Document Type RFC - Informational (March 2017; No errata)
Was draft-smyshlyaev-sespake (individual)
Last updated 2017-03-30
Stream ISE
Formats plain text pdf html bibtex
IETF conflict review conflict-review-smyshlyaev-sespake
Stream ISE state Published RFC
Consensus Boilerplate Unknown
Document shepherd Nevil Brownlee
Shepherd write-up Show (last changed 2017-01-11)
IESG IESG state RFC 8133 (Informational)
Telechat date
Responsible AD (None)
Send notices to "Nevil Brownlee" <rfc-ise@rfc-editor.org>
IANA IANA review state IANA OK - No Actions Needed
IANA action state No IC
Independent Submission                                S. Smyshlyaev, Ed.
Request for Comments: 8133                                   E. Alekseev
Category: Informational                                        I. Oshkin
ISSN: 2070-1721                                                 V. Popov
                                                              CRYPTO-PRO
                                                              March 2017

The Security Evaluated Standardized Password-Authenticated Key Exchange
                           (SESPAKE) Protocol

Abstract

   This document describes the Security Evaluated Standardized Password-
   Authenticated Key Exchange (SESPAKE) protocol.  The SESPAKE protocol
   provides password-authenticated key exchange for usage in systems for
   protection of sensitive information.  The security proofs of the
   protocol were made for situations involving an active adversary in
   the channel, including man-in-the-middle (MitM) attacks and attacks
   based on the impersonation of one of the subjects.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8133.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Smyshlyaev, et al.            Informational                     [Page 1]
RFC 8133                         SESPAKE                      March 2017

Table of Contents

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................2
   3. Notations .......................................................3
   4. Protocol Description ............................................4
      4.1. Protocol Parameters ........................................5
      4.2. Initial Values of the Protocol Counters ....................7
      4.3. Protocol Steps .............................................7
   5. Construction of Points {Q_1,...,Q_N} ...........................11
   6. Security Considerations ........................................13
   7. IANA Considerations ............................................13
   8. References .....................................................14
      8.1. Normative References ......................................14
      8.2. Informative References ....................................15
   Appendix A. Test Examples for GOST-Based Protocol Implementation ..16
     A.1. Examples of Points .........................................16
     A.2. Test Examples of SESPAKE ...................................17
   Appendix B. Point Verification Script .............................33
   Acknowledgments ...................................................51
   Authors' Addresses ................................................51

1.  Introduction

   This document describes the Security Evaluated Standardized Password-
   Authenticated Key Exchange (SESPAKE) protocol.  The SESPAKE protocol
   provides password-authenticated key exchange for usage in systems for
   protection of sensitive information.  The protocol is intended to be
   used to establish keys that are then used to organize a secure
   channel for protection of sensitive information.  The security proofs
   of the protocol were made for situations involving an active
   adversary in the channel, including man-in-the-middle (MitM) attacks
   and attacks based on the impersonation of one of the subjects.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Smyshlyaev, et al.            Informational                     [Page 2]
RFC 8133                         SESPAKE                      March 2017

3.  Notations

   This document uses the following parameters of elliptic curves in
   accordance with [RFC6090]:

   E       an elliptic curve defined over a finite prime field GF(p),
Show full document text