Improved G-3PAKE Protocol with Formal Verification

In 2007, Lu and Cao proposed a simple three party password authenticated key exchange (S-3PAKE) protocol. In 2008, Guo et al. have shown that S-3PAKE protocol is completely insecure against man-in-the-middle attack and undetectable on-line password guessing attack. They also provided an improved protocol (G-3PAKE) that addresses the identified security problems. Recently, Choi and Yoon have demonstrated that G-3PAKE protocol still falls prey to undetectable on-line password guessing attack by any other client. In the present paper we propose an improved G-3PAKE protocol which can resist all the known attacks along with its formal proof.