SL3PAKE: Simple Lattice-based Three-party Password Authenticated Key Exchange for post-quantum world

Three-party Password Authenticated Key Exchange (3PAKE) is a protocol where two parties generate the same session key with the help of a trusted server. With the evolution of quantum computers, there is a growing need to develop the 3PAKE protocols that can resist the quantum attacks. Hence, various 3PAKE protocols have been proposed based on the famous Ring Learning With Error (RLWE) problem. But we find out that all these protocols are vulnerable to signal leakage attacks if their public/private keys are reused. Also, the design of these protocols are pretty complex, thus making these protocols highly inefficient. Hence, to overcome the above issues, we have proposed Simple Lattice-based 3PAKE (SL3PAKE), which is simple in its design and resists signal leakage attack if its public/private keys are reused. The order and flow of messages in the proposed SL3PAKE protocol is quite natural without added complexity, thus makes it simple 3PAKE protocol. Finally, we present the comparative analysis based on communication overhead among the proposed SL3PAKE and other three-party protocols. From the analysis, it has been shown that the proposed SL3PAKE protocol has much less communication overhead/communication rounds than the other three-party protocols.