Abstract: In Three-party Password Authenticated Key Exchange（3PAKE） protocols，clients are allowed to share a password verifier with a trusted server.Then，two clients can communicate with each other through the trusted server to build and share the session key.According to the security analyses of Li et al.’s protocol，it suffers from the offline dictionary attack and server compromise attack.This paper proposes an improved protocol which can provide mutual authentication，secure session key and forward security.The improved protocol is also secure to several attacks，including offline dictionary attack and server leaked attack.

摘要： 基于三方的口令认证密钥交换（3PAKE）协议是客户通过与可信服务器共享一个口令验证元，在两客户进行通信时通过此可信服务器进行会话密钥的建立与共享，从而进行通信。首先对李文敏等人提出的协议进行安全性分析，发现该协议易受离线字典攻击和服务器泄露攻击。提出了一个改进协议，该协议能够提供双向认证、会话密钥机密性和前向安全性，能够有效抵抗多种攻击，包括离线字典攻击和服务器泄露攻击。