When Bob and Alice Have a Secret … They Can Generate Another Secret: Meet J-PAKE
J-PAKE (Password Authenticated Key Exchange by Juggling) was created by Hao and Ryan [1] and fully defined in RFC 8238 [2][here]:
It is a Password Authentication Key Exchange method, and where Bob and Alice share the same secret password (s). They can then generate a shared secret key. It involves two stages: a one-time key establishment; and a key confirmation stage. Overall, it does not need access to the PKI infrastructure but involves a one-time key establishment and a key confirmation stage.
Round 1
Alice then generates two random values: x1 and x2, and where x1 is a value between 0 and q, and x2 is a value between 0 and q. The values of x_1 and x_2 are kept secret, and where Alice will send the following to Bob:
Alice will also create a Zero Knowledge Proof (ZKP) for x_1, and another for x_2: