An Efficient Password Security of Three-Party Key Exchange Protocol based on ECDLP Jayaprakash Kar 1 , Banshidhar Majhi 2 1 Department of Information Technology Al Musanna College of Technology Sultanate of Oman 2 Department of Computer Science & Engineering National Institute of Technology Rourkela,INDIA 1 jayaprakashkar@yahoo.com 2 bmajhi@nitrkl.ac.in ABSTRACT In this paper we have proposed an efficient password security of Three- Party Key Exchange Protocol based on Elliptic Curve Discrete Logarithm Problem. Key exchange protocols allow two parties communicating over a public network to establish a common secret key called session key. Due to their significance by in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Here we have taken two one-way hash functions to build the high level of security. Keywords Key exchange protocol, Password based, secure communication, off-line dictionary attack, ECDLP 1. INTRODUCTION Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which two clients, each sharing a human-memorable password with a trusted server, can agree a secure session key. Over the past years, many three-party authenticated key exchange protocols have been proposed. However, to our best knowledge, not all of them can meet the requirements of security and efficiency simultaneously. Therefore, in this paper, we would like to propose a new simple three-party password based authenticated key exchange protocol. Compared with other existing protocols, our proposed protocol does not require any server’s public key, but can resist against off-line dictionary attack. Therefore, we believe it is suitable for some practical scenarios. With the proliferation of the handheld wireless information appliances, the ability to perform security functions with limited computing resources has become increasingly important. In mobile devices such as personal digital assistants (PDAs) and multimedia cell phones, the processing resources, memory and power are all very limited, but he need for secure transmission of information may increase due to the vulnerability to attackers of the publicly accessible wireless transmission channel [1]. New smaller and faster security algorithms provide part of the solution, the elliptic curve cryptography ECC provide a faster alternative for public key cryptography. Much smaller key lengths are required with ECC to provide a desired level of security, which means faster key exchange, user authentication, signature generation and verification, in addition to smaller key storage needs. The terms elliptic curve cipher and elliptic curve cryptography refers to an existing generic cryptosystem which use numbers generated from an elliptic curve. Empirical evidence suggests that cryptosystems that utilize number derived from elliptic curve can be more secure [2]. As with all cryptosystems and especially with public-key cryptosystems, it takes years of public evaluation before a reasonable level of confidence in a new system is established. ECC seem to have reached that level now. In the last couple of years, the first commercial implementations have appeared, as toolkits but also in real- world applications, such as email security, web security, smart cards, etc. The security of ECC has not been proven but it is based on the difficulty of computing elliptic curve discrete logarithm in the elliptic curve group [3]. 2. BACKGROUNDS In this section we brief overview of Elliptic Curve over finite field, Elliptic Curve Discrete Logarithm Problem, Key exchange, Elliptic Curve Diffe-Helman (ECDH) and about three-party key exchange protocol. 2.1 THE FINITE FIELD P F Let p be a prime number. The finite field is comprised of the set of integers with the following arithmetic operations [5] [6] [7]: P F 1 ....... 2 , 1 , 0 − p