The Simplified Description of the SRP protocol

 

Note: All arithmetic is modulus n

Public values: n, g

 

Setup

 

A: x := hash(s, P)

A -> S: x

S: v := gX

 

Protocol

 

C -> S: C, f(a)

S: <-(C, A)

S -> C: s, Ru, h(v, b)

C:<-(s, Ru, B)

C: K = hash(j(B, x, a, u))

S: K = hash(k(A, v, u, b))

C -> S: hash(A, B, Kc)

S: <-(M1)

S -> C: hash(A, M1, Ks)

 

Functions

 

f(a, g) = ga

h(v, b, g) = v + gb

j(B, x, a, u) = (B Ė gx)a + ux

k(A, v, u, b) = (Avu)b

 

Variables

 

n = large prime

g = primitive root modulo n

s =salt

P = Cís password

x = private key

v = hostís password verifier

a, b = ephemeral private keys

A, B = corresponding public keys to a, b

K = session key

Reference

The SRP Project