Three-party authentication architectures are central to modern Internet identity systems such as single sign-on, federated login, and cross-domain authentication. In this setting, a three-party password-authenticated key exchange (3-PAKE) protocol must not only authenticate a user to a verifier using a low-entropy password, but also securely support coordinated authentication and session-key establishment between the verifier and a relying party. Existing schemes cover many application scenarios, yet they often rely on PKI, provide weak password protection, or lack a security treatment strong enough to justify safe reuse inside larger identity systems. Since 3-PAKE typically serves as a security-critical component together with assertion delivery, session management, and service authorization, it should remain secure under composition. We therefore study 3-PAKE for the digital identity model in the Universally Composable (UC) framework. We define an ideal functionality F3−PAKE that captures three-party authentication, session-key establishment, and attainable password-guessing resistance under different compromise assumptions. We then present a generic construction from authenticated key exchange (AKE) and strong asymmetric password-authenticated key exchange (SaPAKE), and prove that it UC-realizes F3−PAKE. Instantiating the construction with OPAQUE and HMQV yields a practical PKI-free four-round protocol, 3-GenSaPAKE, together with a two-factor extension. AVISPA analysis and concrete performance evaluation show that the proposed scheme achieves strong composable security while remaining efficient and deployable.
Li et al. (Fri,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: