Peer-to-Peer Networking and Applications (ISSN 1936-6450), 18(4)
Mobile devices have become essential to daily life, creating a growing need for robust security mechanisms in their communications. Ensuring secure interactions between these devices and central servers is vital to protect sensitive data, so there is significant demand for Authenticated Key Exchange (AKE) schemes. Schemes that rely on passwords for authentication and key exchange are known as Password Authenticated Key Exchange (PAKE) schemes. The development of Shor's algorithm in 1994, together with recent advances in quantum computing, has led researchers to propose schemes, including PAKE schemes, that are secure against quantum attacks. Recently, Moony et al. introduced a lattice-based two-party authentication protocol for mobile devices. In this paper, we analyze the vulnerabilities of their scheme, focusing on the key mismatch attack, forward secrecy violation, replay attack, Key Compromise Impersonation (KCI) attack, and offline password guessing attack. To address these issues, we propose a new reconciliation-based anonymous PAKE scheme based on RLWE that is secure in the random oracle model. Our scheme is not only resistant to the signal leakage and key mismatch attacks that affect existing reconciliation-based RLWE key exchange protocols, but also uniquely ensures KCI resistance, a property not provided by prior anonymous PAKE schemes. The results show that while our scheme provides the strongest security, user-side computational complexity is reduced by about 5% compared to the most secure scheme, based on benchmark parameters suited for mobile environments. Additionally, it incurs approximately 11% higher communication overhead compared to most schemes. Despite these trade-offs, the significant security improvements make our scheme highly suitable for mobile applications, where user-side efficiency is critical. © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
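The reconciliation step that the abstract refers to, shown as an added example that is not code from the paper or its authors: it assumes a Ding-style signal function and Mod2 rounding over Z_q, which is one common reconciliation variant and not necessarily the one the paper uses. The modulus Q, the coefficient count and the random values are constructed for the demonstration; the peer's value is modelled as v + 2e with a small even difference, as in RLWE exchanges that double their error terms.

```python
import random
from typing import List, Tuple

Q = 12289  # constructed toy modulus (any odd q > 8 works); not a parameter taken from the paper

def centered(x: int, q: int = Q) -> int:
    """Reduce x mod q into the symmetric range [-(q-1)/2, (q-1)/2]."""
    x %= q
    return x - q if x > (q - 1) // 2 else x

def signal(v: int, q: int = Q) -> int:
    """Signal (hint) bit: 0 if v lies in the middle band [-floor(q/4), floor(q/4)], else 1."""
    return 0 if abs(centered(v, q)) <= q // 4 else 1

def mod2(v: int, w: int, q: int = Q) -> int:
    """Key bit: parity of the centered value after an optional shift by (q-1)/2."""
    return centered(v + w * ((q - 1) // 2), q) % 2

def max_tolerated_error(q: int = Q) -> int:
    """Largest |e| for which v and v + 2e always reconcile to the same bit (|e| < q/8)."""
    return (q - 1) // 8

def reconcile(v_hint: List[int], v_peer: List[int], q: int = Q) -> Tuple[List[int], List[int], List[int]]:
    """Hint side publishes one signal bit per coefficient; returns (signals, hint-side key, peer key)."""
    hints = [signal(v, q) for v in v_hint]
    key_hint = [mod2(v, w, q) for v, w in zip(v_hint, hints)]
    key_peer = [mod2(v, w, q) for v, w in zip(v_peer, hints)]
    return hints, key_hint, key_peer

def exhaustive_check(q: int) -> bool:
    """Confirm the guarantee for every v in Z_q and every |e| <= max_tolerated_error(q)."""
    e_max = max_tolerated_error(q)
    return all(mod2(v, signal(v, q), q) == mod2(v + 2 * e, signal(v, q), q)
               for v in range(q) for e in range(-e_max, e_max + 1))

def demo(n: int = 8, seed: int = 1) -> bool:
    """Constructed run: the peer holds v + 2e with small e, as in an RLWE exchange with doubled errors."""
    rng = random.Random(seed)
    v_hint = [rng.randrange(Q) for _ in range(n)]
    e_max = max_tolerated_error()
    v_peer = [(v + 2 * rng.randint(-e_max, e_max)) % Q for v in v_hint]
    hints, key_hint, key_peer = reconcile(v_hint, v_peer)
    print("signals sent:", hints, "shared key bits:", key_hint)
    return key_hint == key_peer  # True whenever every |e| <= max_tolerated_error()
```

The exhaustive check proves the agreement guarantee for small moduli, and one error step beyond the tolerated bound is enough to make the two sides derive different bits, which is the correctness boundary a key mismatch analysis of such protocols is concerned with.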