Abstract-- This paper is concerned with password-authenticated key agreement protocols. Designing such protocols represents an interesting challenge since there is no standard way of choosing a password that achieves an optimum trade-off between usability and security. Indeed, passwords belonging to a highly structured language are essentially equivalent to low-entropy strings. A fundamental goal is that of obtaining secure and efficient protocols, with optimum computational complexity, round complexity and communication efficiency. These properties make them ideal candidates for mobile devices. We present DH-BPAKE1, which is an improved version of the protocol presented in previous work (DH-BPAKE). The construction builds upon the encrypted key exchange protocol of Bellovin and Merritt augmented with a key confirmation round based on the use of efficient message authentication codes. We discuss in detail the security properties of the two efficient message authentication schemes which f...