It's an asymmetric PAKE protocol. Basically a user can prove that he knows a password without the server storing the password, or even data derived from that password. The idea is the same as Secure Remote Password.
I wanted to understand the protocol, so I hacked together a client/server in Python as I read the paper.