A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A survey of certificateless encryption schemes and security models
International Journal of Information Security
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
ETCS '09 Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 02
Strongly Secure Certificateless Key Agreement
Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Stronger security of authenticated key exchange
ProvSec'07 Proceedings of the 1st international conference on Provable security
Certificateless authenticated two-party key agreement protocols
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
CBE from CL-PKE: a generic construction and efficient schemes
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Toward pairing-free certificateless authenticated key exchanges
ISC'11 Proceedings of the 14th international conference on Information security
Provably secure certificateless one-way and two-party authenticated key agreement protocol
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit key-compromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the first known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended Canetti-Krawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.