SPAKE2+, an Augmented Password-Authenticated Key Exchange Protocol
RFC 9383, “SPAKE2+, an Augmented Password-Authenticated Key Exchange Protocol”, is an Informational document published in September 2023 by T. Taubert and C. A. Wood. The canonical text is published by the RFC Editor.
Abstract
This document describes SPAKE2+, a Password-Authenticated Key Exchange (PAKE) protocol run between two parties for deriving a strong shared key with no risk of disclosing the password. SPAKE2+ is an augmented PAKE protocol, as only one party has knowledge of the password. This method is simple to implement, compatible with any prime-order group, and computationally efficient.
This document was produced outside of the IETF and IRTF and represents the opinions of the authors. Publication of this document as an RFC in the Independent Submissions Stream does not imply endorsement of SPAKE2+ by the IETF or IRTF.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9383 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9382 SPAKE2, a Password-Authenticated Key Exchange
- RFC 9384 A BGP Cease NOTIFICATION Subcode for Bidirectional Forwarding Detection
- RFC 9381 Verifiable Random Functions
- RFC 9385 Using GOST Cryptographic Algorithms in the Internet Key Exchange Protocol Version 2
- RFC 9380 Hashing to Elliptic Curves
- RFC 9386 IPv6 Deployment Status
- RFC 9387 Use Cases for DDoS Open Threat Signaling Telemetry
- RFC 9378 In Situ Operations, Administration, and Maintenance Deployment