Auditable PAKEs: Approaching Fair Exchange Without a TTP

Roscoe recently showed how HISPs, a class of protocol to allow humans to contribute to the creation of secure authentic channels between them, can be made auditable in the sense that a failed attack on them cannot be disguised as communication failure.  In this paper we study the same issue for PAKEs:

password authenticated key exchanges.  We find that because this second style of protocol relies on long term state, it is harder to make them auditable, and that to do so we have to develop new ideas on how to approximate fair exchange without a TTP.

This is joint work by Professor Bill Roscoe (Oxford) and Professor Peter Ryan (Luxembourg)