The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen; CLC for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. The CLC protocol offers superior round efficiency (only three rounds) and requires relatively few computational resources. However, we find that leakage of the values VA and VB in the CLC protocol makes a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for participants A and B. In this paper, we describe our attack on the CLC protocol and then present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol resists the known attacks, including the man-in-the-middle attack we mount on the original CLC protocol. Meanwhile, we allow the participants to choose their own passwords, thus avoiding the danger that the server is controlled in the initialization phase. In addition, the computational cost of our protocol is lower than that of the CLC protocol.