The Simplified Description of the SRP protocol


Note: All arithmetic is modulus n

Public values: n, g




A: x := hash(s, P)

A -> S: x

S: v := gX




C -> S: C, f(a)

S: <-(C, A)

S -> C: s, Ru, h(v, b)

C:<-(s, Ru, B)

C: K = hash(j(B, x, a, u))

S: K = hash(k(A, v, u, b))

C -> S: hash(A, B, Kc)

S: <-(M1)

S -> C: hash(A, M1, Ks)




f(a, g) = ga

h(v, b, g) = v + gb

j(B, x, a, u) = (B Ė gx)a + ux

k(A, v, u, b) = (Avu)b




n = large prime

g = primitive root modulo n

s =salt

P = Cís password

x = private key

v = hostís password verifier

a, b = ephemeral private keys

A, B = corresponding public keys to a, b

K = session key


The SRP Project