A secure three-factor multiserver authentication protocol against the honest-but-curious servers

Three-factor multiserver authentication protocols become a prevalence in recent years. Among these protocols, almost all of them do not involve the registration center into the authentication process. To improve the protocol's efficiency, a common secret key is shared among all severs, which leads to a serious weakness; i.e., we find that these protocols cannot resist the passive attack from the honest-but-curious servers. This paper takes Wang et al.'s protocol as an example, to exhibit how an honest-but-curious server attacks their protocol. To remedy this weakness, a novel three-factor multiserver authentication protocol is presented. By introducing the registration center into the authentication process, the new protocol can resist the passive attack from the honest-but-curious servers. Security analyses including formal and informal analyses are given, demonstrating the correctness and validity of the new protocol. Compared with related protocols, the new protocol possesses more secure properties and more practical functionalities than others at a relatively low computation cost and communication cost.