[2025.11.03] A Security Analysis of WPA3-PK: Implementation and Precomputation Attacks

ACNS24

Abstract

Creating secure Wi-Fi hotspots has historically been challenging: when using an open network it is trivial for an adversary to eavesdrop traffic. Alternatively, when using a password-protected network and sharing the password publicly, anyone who knows the password can create a rogue clone of the network to intercept traffic. To overcome this problem, the Wi-Fi Alliance released SAE-PK as part of an update to WPA3, which we will call WPA3-PK. In this protocol, a public key is used to verify the hotspot’s authenticity, and the password of the network encodes a fingerprint of this public key. As a result, someone who knows the password can no longer clone the network, because they do not know the corresponding private key.

In this paper, we systematically analyze the security of WPA3-PK. We first study implementations, where we show that the private WPA3-PK password gets leaked when using a flawed random number generator, and confirm that this may indeed happen in practice. We then study network aspects, where we show how a malicious insider can intercept the traffic of others. Our third focus is cryptographic attacks, where we perform an evaluation of time-memory trade-off attacks against WPA3-PK, and we optimize these attacks by combining the technique of rainbow tables with distinguished points. Additionally, we construct multi-network password collisions that allow an adversary to build a single rainbow table that can be used to attack multiple networks. Finally, we discuss defenses against our attacks and propose updates to the WPA3-PK standard