Abstract: Key exchange protocol is aimed to exchange a secure common key for two entities. Password-based scheme is widely used, due to its high usability and central server independence. At present, how to design a secure password-based protocol, and how to prove its security are open problems. In this paper, an efficient and provably secure password-based key exchange protocol is proposed, using only hash function and XOR operator. The security of the protocol can be tightly reduced to the hardness of the computational Diffie-Hellman problem in random oracle model. Thus, the protocol is proved to be semantically secure against off-line dictionary attacks. Finally, compared with the related works, the protocol is more efficient with respect to computation and communication.