Comments on the SM2 key exchange protocol

Authors:
Jing Xu;Dengguo Feng
Affiliations:
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China
Venue:
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Year:
2011

Citing 12
Cited 0

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
An unknown key-share attack on the MQV key agreement protocol

ACM Transactions on Information and System Security (TISSEC)
An Efficient Protocol for Authenticated Key Agreement

Designs, Codes and Cryptography
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol

PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Designs, Codes and Cryptography
Session-state Reveal Is Stronger Than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange Protocol

ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Stronger security of authenticated key exchange

ProvSec'07 Proceedings of the 1st international conference on Provable security
Authenticated key exchange and key encapsulation in the standard model

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
HMQV: a high-performance secure diffie-hellman protocol

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Security analysis of KEA authenticated key exchange protocol

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

SM2 key exchange protocol is one part of the public key cryptographic algorithm SM2 which has been standardized by Chinese state cryptography administration for commercial applications. It became publicly available in 2010 and since then it was neither attacked nor proved to be secure. In this paper, we show that the SM2 key exchange protocol is insecure by presenting realistic attacks in the Canetti-Krawczyk model. The demonstrated attack breaks session-key security against an adversary who can only reveal session states. We also propose a simple modification method to solve this problem.