Robust generalized MQV key agreement protocol without using one-way hash functions
Computer Standards & Interfaces
An Efficient Protocol for Authenticated Key Agreement
Designs, Codes and Cryptography
Authenticated Multi-Party Key Agreement
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
New directions in cryptography
IEEE Transactions on Information Theory
The MQV protocol is the first authenticated key agreement protocol that uses a digital signature to sign Diffie-Hellman public keys without using any one-way hash functions. Based on the MQV protocol, Harn and Lin proposed an authenticated multiple-key agreement protocol that enables two parties to establish multiple common secret keys in a single protocol run, but that protocol was subsequently found to be flawed. Tseng proposed a new generalized MQV key agreement protocol without using one-way hash functions to overcome the weaknesses of the Harn-Lin protocol. Recently, Shao showed that Tseng's protocol is insecure against signature forgery attacks and proposed an improved authenticated multiple-key agreement protocol to resist those attacks. In this paper we show that Shao's protocol is vulnerable to unknown key-share attacks. We also point out another potential weakness of the protocol.