Juryon  Paik, 
    Insecure Instantiations of Random Oracles in
Password-Based Key Exchange Protocols,
    Journal of Engineering and Applied Sciences,
    Volume 13,Issue 15,
    2018,
    Pages 6211-6219,
    ISSN 1816-949x,
    jeasci.2018.6211.6219,
    (https://makhillpublications.co/view-article.php?doi=jeasci.2018.6211.6219)
    Abstract: Protocols for Password-based Authenticated Key Exchange (PAKE) allow users to generate a shared
secret key from their easy-to-remember passwords but at the same time have to protect the user’s passwords
from the notorious dictionary attacks. PAKE protocols often use a hash function that maps user passwords
into elements of the underlying cyclic group G generated by an arbitrary fixed element g,G. Such a hash
function is usually modelled as a random oracle G in proofs of security of protocols. One obvious way of
instantiating the random oracle G is to use a random oracle H: {0, 1}*&rarr;Z<sub>q</sub> and then define G(.) = g<sup><i>H</i>(,)</sup>. However, 
we argue that this obvious instantiation of G is likely to result in a critical vulnerability for most of PAKE
protocols. In the present research, we provide a strong evidence in support of this argument by showing that
two popular protocols-Bresson two-party PAKE protocol and Abdalla and Pointcheval&#146;s three-party PAKE
protocol-become susceptible to an offline dictionary attack as soon as G is instantiated as G (.) = g<sup><i>H</i>(,)</sup>. Our result suggests that designers of PAKE protocols should clearly specify how G can be securely instantiated for their
protocols in order to prevent protocol implementers from employing an insecure instantiation of G.
    Keywords: prevent protocol implementers;dictionary attack;random oracle;password;Authenticated key exchange;PAKE protocols;pointchevals