A Study of Two-Party Certificateless Authenticated Key-Agreement Protocols

  • Colleen Swanson
  • David Jao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5922)


We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit key-compromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the first known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended Canetti-Krawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.


key agreement certificateless public key cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Al-Riyami, S.S., Paterson, K.G.: Certificateless public key cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Al-Riyami, S.S., Paterson, K.G.: CBE from CLE-PKE: A generic construction and efficient schemes. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 398–415. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Boyen, X.: The uber-assumption family – a unified complexity framework for bilinear groups. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 39–56. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Dent, A.W.: A survey of certificateless encryption schemes and security models. Int. J. Inf. Secur. 7(5), 349–377 (2008)CrossRefGoogle Scholar
  5. 5.
    Girault, M.: Self-certified public keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)Google Scholar
  6. 6.
    Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249–263. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Lippold, G., Boyd, C., Nieto, J.G.: Strongly secure certificateless key agreement. In: Shacham, H. (ed.) Pairing 2009. LNCS, vol. 5671, pp. 206–230. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Mandt, T.K.: Certificateless authenticated two-party key agreement protocols. Master’s thesis, Gjøvik University College, Department of Computer Science and Media Technology (2006)Google Scholar
  11. 11.
    Mandt, T.K., Tan, C.H.: Certificateless authenticated two-party key agreement protocols. In: Okada, M., Satoh, I. (eds.) ASIAN 2006. LNCS, vol. 4435, pp. 37–44. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: ASIACCS 2008: Proceedings of the 2008 ACM symposium on Information, computer and communications security, pp. 261–270. ACM, New York (2008)CrossRefGoogle Scholar
  13. 13.
    Meng, G., Futai, Z.: Key-compromise impersonation attacks on some certificateless key agreement protocols and two improved protocols. In: International Workshop on Education Technology and Computer Science, vol. 2, pp. 62–66 (2009)Google Scholar
  14. 14.
    Shao, Z.-h.: Efficient authenticated key agreement protocol using self-certified public keys from pairings. Wuhan University Journal of Natural Sciences 10(1), 267–270 (2005)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Shi, Y., Li, J.: Two-party authenticated key agreement in certificateless public key cryptography. Wuhan University Journal of Natural Sciences 12(1), 71–74 (2007)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Swanson, C.M.: Security in key agreement: Two-party certificateless schemes. Master’s thesis, University of Waterloo, Department of Combinatorics and Optimization (2008)Google Scholar
  17. 17.
    Wang, S., Cao, Z.: Escrow-free certificate-based authenticated key agreement protocol from pairings. Wuhan University Journal of Natural Sciences 12(1), 63–66 (2007)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Wang, S., Cao, Z., Wang, L.: Efficient certificateless authenticated key agreement protocol from pairings. Wuhan University Journal of Natural Sciences 11(5), 1278–1282 (2006)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Xia, L., Wang, S., Shen, J., Xu, G.: Breaking and repairing the certificateless key agreement protocol from ASIAN 2006. In: Okada, M., Satoh, I. (eds.) ASIAN 2006. LNCS, vol. 4435, pp. 562–566. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Colleen Swanson
    • 1
  • David Jao
    • 2
  1. 1.David R. Cheriton School of Computer Science 
  2. 2.Department of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada

Personalised recommendations