RFC 9382

SPAKE2, a Password-Authenticated Key Exchange, September 2023

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
W. Ladd

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9382

Discuss this RFC: Send questions or comments to the mailing list cfrg@irtf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9382


This document describes SPAKE2, which is a protocol for two parties that share a password to derive a strong shared key without disclosing the password. This method is compatible with any group, is computationally efficient, and has a security proof. This document predated the Crypto Forum Research Group (CFRG) password-authenticated key exchange (PAKE) competition, and it was not selected; however, given existing use of variants in Kerberos and other applications, it was felt that publication was beneficial. Applications that need a symmetric PAKE, but are unable to hash onto an elliptic curve at execution time, can use SPAKE2. This document is a product of the Crypto Forum Research Group in the Internet Research Task Force (IRTF).

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search