Three-party authentication architectures are central to modern Internet identity systems such as single sign-on, federated login, and cross-domain authentication. In this setting, a three-party password-authenticated key exchange (3-PAKE) protocol must not only authenticate a user to a verifier using a low-entropy password, but also securely support coordinated authentication and session-key establishment between the verifier and a relying party. Existing schemes cover many application scenarios, yet they often rely on PKI, provide weak password protection, or lack a security treatment strong enough to justify safe reuse inside larger identity systems. Since 3-PAKE typically serves as a security-critical component together with assertion delivery, session management, and service authorization, it should remain secure under composition. We therefore study 3-PAKE for the digital identity model in the Universally Composable (UC) framework. We define an ideal functionality F3−PAKE that captures three-party authentication, session-key establishment, and attainable password-guessing resistance under different compromise assumptions. We then present a generic construction from authenticated key exchange (AKE) and strong asymmetric password-authenticated key exchange (SaPAKE), and prove that it UC-realizes F3−PAKE. Instantiating the construction with OPAQUE and HMQV yields a practical PKI-free four-round protocol, 3-GenSaPAKE, together with a two-factor extension. AVISPA analysis and concrete performance evaluation show that the proposed scheme achieves strong composable security while remaining efficient and deployable.
Li et al. (Fri,) studied this question.