A method for a first participant to establish a shared secret with a second
participant, where the first participant and the second participant share
a password-based first master key and a hash function, includes sending a
first message including a first private value for the second participant
and a first authenticator for the second participant encrypted with the
first master key. The first message also includes a first hashed
authenticator for the first participant encrypted with a first shared
secret key. The first message also includes a first public value for the
first participant. The first participant receives a second message, the
second message including the first authenticator for the second
participant and a first public value for the second participant encrypted
with the first shared secret key. The first participant sends a third
message, the third message including the first authenticator for the first
participant, a second hashed authenticator for the first participant, a
second authenticator for the second participant and a second master key
encrypted with a second shared secret key. The third message also includes
a second public value for the first participant. A fourth message is
received by the first participant, the fourth message including a second
authenticator for the second participant and a second public value for the
second participant encrypted with the second shared secret key.
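
The first two messages, sketched as an added example (not code from the patent or its authors). It assumes the first shared secret key is a Diffie-Hellman value computed from the private value carried in the first message and the first participant's public value, which the abstract does not spell out; the group, the XOR keystream cipher, the PBKDF2 master key and every function name are likewise assumptions.

```python
import hashlib, hmac, secrets

# Constructed demo parameters (assumptions): not a vetted group, cipher or KDF cost.
P_MOD, G = 2**255 - 19, 2

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def master_key(password):  # password-based first master key
    return hashlib.pbkdf2_hmac("sha256", password, b"demo-salt", 10_000)

def xor_crypt(key, label, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    stream = b"".join(H(key, label, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def rand_exp():
    return secrets.randbelow(P_MOD - 2) + 1

def first_send(master):
    x, y = rand_exp(), rand_exp()  # A's private value; private value chosen for B
    auth_a, auth_b, nonce = (secrets.token_bytes(32) for _ in range(3))
    k1 = H(pow(pow(G, x, P_MOD), y, P_MOD).to_bytes(32, "big"))  # first shared secret key
    msg1 = {"nonce": nonce,
            "for_b": xor_crypt(master, nonce, y.to_bytes(32, "big") + auth_b),
            "hashed_auth_a": xor_crypt(k1, b"m1", H(auth_a)),
            "pub_a": pow(G, x, P_MOD)}
    return msg1, {"k1": k1, "auth_a": auth_a, "auth_b": auth_b}

def second_reply(master, msg1):
    plain = xor_crypt(master, msg1["nonce"], msg1["for_b"])
    y, auth_b = int.from_bytes(plain[:32], "big"), plain[32:]
    k1 = H(pow(msg1["pub_a"], y, P_MOD).to_bytes(32, "big"))
    commit_a = xor_crypt(k1, b"m1", msg1["hashed_auth_a"])  # checked against message 3
    pub_b = pow(G, rand_exp(), P_MOD)  # B's first public value
    msg2 = xor_crypt(k1, b"m2", auth_b + pub_b.to_bytes(32, "big"))
    return msg2, {"k1": k1, "commit_a": commit_a, "pub_b": pub_b}

def first_check(state, msg2):
    """Return B's public value if message 2 echoes auth_b under k1, else None."""
    plain = xor_crypt(state["k1"], b"m2", msg2)
    if not hmac.compare_digest(plain[:32], state["auth_b"]):
        return None
    return int.from_bytes(plain[32:], "big")

def run_round(pw_a, pw_b):
    msg1, a_state = first_send(master_key(pw_a))
    msg2, b_state = second_reply(master_key(pw_b), msg1)
    return a_state, b_state, first_check(a_state, msg2)
```

A second participant holding a different password derives a different key, so `first_check` returns `None`; the third and fourth messages are not modelled here.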