Home // SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies // View article

Comparison of Password-Authenticated Key Exchange Schemes on Android

Authors:
Jörn-Marc Schmidt
Alexander Lawall

Keywords: PAKE; post-quantum cryptography; Android; password-based authentication; mobile security.

Abstract:
Password-Authenticated Key Exchange (PAKE) protocols are critical for secure password-based authentication in various applications, including wireless networking, cloud services, secure messaging, and Internet of Things (IoT) ecosystems. This paper presents a systematic performance evaluation of classical and post-quantum PAKE protocols on a mobile platform, using a Google Pixel 7 Pro running Android 16. We implement a representative set of balanced PAKEs as well as augmented PAKEs. All schemes are implemented in Kotlin/Java using the Bouncy Castle cryptographic provider and evaluated using the Android Jetpack Benchmarking suite under controlled conditions. Our analysis reveals that post-quantum schemes, such as One-Way Key Encapsulation Method to PAKE (OCAKE) and an augmented PAKE scheme based on OCAKE, offer competitive or superior computational performance compared to their classical counterparts, while incurring significantly larger message sizes. We further identify mapping functions, cryptographic primitives, and protocol types as key factors influencing execution time. These results highlight the feasibility of deploying post-quantum PAKEs on constrained mobile devices and provide a benchmark for future optimizations. Future work will examine the impact of hardware acceleration and energy efficiency trade-offs for real-world deployment.

Pages: 55 to 61

Copyright: Copyright (c) IARIA, 2025

Publication date: October 26, 2025

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-306-4

Location: Barcelona, Spain

Dates: from October 26, 2025 to October 30, 2025