A Secure and Efficient Three-Pass Authenticated Key Agreement Protocol Based on Elliptic Curves

  • Meng-Hui Lim
  • Chee-Min Yeoh
  • Sanggon Lee
  • Hyotaek Lim
  • Hoonjae Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4982)


Key agreement protocol is of fundamental importance in providing data confidentiality and integrity between two or more parties over an insecure network. In 2004, Popescu [14] proposed an authenticated key agreement protocol in which its security is claimed. However, Yoon and Yoo [19] discovered its vulnerabilities two years later and proposed an improved variant of it. In this paper, we highlight the vulnerability of this improved variant under the LaMacchia et al.’s extended Canetti-Krawczyk security model [12]. With this, we propose another enhanced version of Popescu’s protocol which offers stronger security features and appears to be significantly more efficient than Yoon-Yoo’s scheme. In order to justify our claims, we present a thorough heuristic security analysis on our scheme and compare the computational cost and security attributes with the surveyed schemes.


Hash Function Elliptic Curve Shared Secret Elliptic Curve Cryptography Protocol Execution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 110–125. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: 27th ACM Symposium on the Theory of Computing - ACM STOC, pp. 57–66 (1995)Google Scholar
  3. 3.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key Agreement Protocols and their Security Analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key Agreement Protocols. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 339–361. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Boyd, C., Choo, K.-K.R.: Security of Two-Party Identity-Based Key Agreement. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 229–243. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Choo, K.-K.R., Boyd, C., Hitchcock, Y.: On Session Key Construction in Provably-Secure Key Establishment Protocols. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 116–131. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Duraisamy, R., Salcic, Z., Strangio, M.A., Morales-Sandoval, M.: Supporting Symmetric 128-bit AES in Networked Embedded Systems: An Elliptic Curve Key Establishment Protocol-on-Chip. EURASIP Journal of Embedded Systems 2007(9) (2007)Google Scholar
  9. 9.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Koblitz, N.: Elliptic Curve Cryptosystems. Mathematics of Computation 48, 203–209 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger Security of Authenticated key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  14. 14.
    Popescu, C.: A Secure Authenticated Key Agreement Protocol. In: Proceedings of the 12th IEEE Mediterranean (MELECON 2004), vol. 2, pp. 783–786 (2004)Google Scholar
  15. 15.
    Raju, G.V.S., Akbani, R.: Elliptic Curve Cryptosystem and its Applications. In: Proceedings of the 2003 IEEE International Conference on Systems. Man and Cybernetics (IEEE-SMC), vol. 2, pp. 1540–1543 (2003)Google Scholar
  16. 16.
    Strangio, M.A.: Efficient Diffie-Hellmann Two-Party Key Agreement Protocols based on Elliptic Curves. In: Proceedings of the 2005 ACM Symposium on Applied Computing, pp. 324–331 (2005)Google Scholar
  17. 17.
    Strangio, M.A.: Revisiting an Efficient Elliptic Curve Key Agreement Protocol. Cryptology ePrint Archive: Report 081 (2007)Google Scholar
  18. 18.
    Wang, S., Cao, Z., Strangio, M.A., Wang, L.: Cryptanalysis of an Effcient Diffe-Hellman Key Agreement Protocol based on Elliptic Curves. Cryptology ePrint Archive: Report 026 (2006)Google Scholar
  19. 19.
    Yoon, E.-J., Yoo, K.-Y.: An Improved Popescu’s Authenticated Key Agreement Protocol. In: Gavrilova, M.L., Gervasi, O., Kumar, V., Tan, C.J.K., Taniar, D., Laganá, A., Mun, Y., Choo, H. (eds.) ICCSA 2006. LNCS, vol. 3984, pp. 276–283. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Meng-Hui Lim
    • 1
  • Chee-Min Yeoh
    • 1
  • Sanggon Lee
    • 2
  • Hyotaek Lim
    • 2
  • Hoonjae Lee
    • 2
  1. 1.Department of Ubiquitous IT, Graduate School of Design & ITDongseo UniversityBusanKorea
  2. 2.Division of Computer and Information EngineeringDongseo UniversityBusanKorea

Personalised recommendations