A Study of Two-Party Certificateless Authenticated Key-Agreement Protocols
We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit key-compromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the first known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended Canetti-Krawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.
Keywordskey agreement certificateless public key cryptography
Unable to display preview. Download preview PDF.
- 1.Al-Riyami, S.S., Paterson, K.G.: Certificateless public key cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)Google Scholar
- 2.Al-Riyami, S.S., Paterson, K.G.: CBE from CLE-PKE: A generic construction and efficient schemes. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 398–415. Springer, Heidelberg (2005)Google Scholar
- 5.Girault, M.: Self-certified public keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)Google Scholar
- 6.Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
- 8.Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249–263. Springer, Heidelberg (1997)Google Scholar
- 10.Mandt, T.K.: Certificateless authenticated two-party key agreement protocols. Master’s thesis, Gjøvik University College, Department of Computer Science and Media Technology (2006)Google Scholar
- 13.Meng, G., Futai, Z.: Key-compromise impersonation attacks on some certificateless key agreement protocols and two improved protocols. In: International Workshop on Education Technology and Computer Science, vol. 2, pp. 62–66 (2009)Google Scholar
- 16.Swanson, C.M.: Security in key agreement: Two-party certificateless schemes. Master’s thesis, University of Waterloo, Department of Combinatorics and Optimization (2008)Google Scholar