Abstract
The SM2 key exchange protocol is one part of the SM2 public key cryptographic algorithm, which has been standardized by the Chinese State Cryptography Administration for commercial applications. It became publicly available in 2010, and since then it has been neither attacked nor proved secure. In this paper, we show that the SM2 key exchange protocol is insecure by presenting realistic attacks in the Canetti-Krawczyk model. The demonstrated attack breaks session-key security against an adversary who can only reveal session states. We also propose a simple modification to solve this problem.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Xu, J., Feng, D. (2011). Comments on the SM2 Key Exchange Protocol. In: Lin, D., Tsudik, G., Wang, X. (eds) Cryptology and Network Security. CANS 2011. Lecture Notes in Computer Science, vol 7092. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25513-7_12
DOI: https://doi.org/10.1007/978-3-642-25513-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25512-0
Online ISBN: 978-3-642-25513-7