The SM2 key exchange protocol is one part of the public key cryptographic algorithm SM2, which has been standardized by the Chinese State Cryptography Administration for commercial applications. It became publicly available in 2010, and since then it has been neither attacked nor proved secure. In this paper, we show that the SM2 key exchange protocol is insecure by presenting realistic attacks in the Canetti-Krawczyk model. The demonstrated attack breaks session-key security against an adversary who can only reveal session states. We also propose a simple modification to solve this problem.