Skip to main content
SpringerLink
Log in

Comments on the SM2 Key Exchange Protocol

  • Conference paper
Cryptology and Network Security (CANS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7092))

Included in the following conference series:

Abstract

SM2 key exchange protocol is one part of the public key cryptographic algorithm SM2 which has been standardized by Chinese state cryptography administration for commercial applications. It became publicly available in 2010 and since then it was neither attacked nor proved to be secure. In this paper, we show that the SM2 key exchange protocol is insecure by presenting realistic attacks in the Canetti-Krawczyk model. The demonstrated attack breaks session-key security against an adversary who can only reveal session states. We also propose a simple modification method to solve this problem.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Diffie, W., Hellman, H.: New directions in cryptography. IEEE Transactions of Information Theory 22(6), 644–654 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  2. Diffie, W., van Oorschot, P., Wiener, M.: Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  3. Menezes, A., Qu, M., Vanstone, S.: Some new key agreement protocols providing mutual implicit authentication. In: Proceedings of the Second Workshop on Selected Areas in Cryptography (SAC 1995), pp. 22–32 (1995)

    Google Scholar 

  4. Blake-Wilson, S., Menezes, A.: Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 154–170. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  5. Kaliski, B.: An unknown key-share attack on the MQV key agreement protocol. ACM Transactions on Information and System Security (TISSEC) 4(3), 275–288 (2001)

    Article  Google Scholar 

  6. Lauter, K., Mityagin, A.: Security Analysis of KEA Authenticated Key Exchange Protocol. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 378–394. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 28, 119–134 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  8. Okamoto, T.: Authenticated Key Exchange and Key Encapsulation in the Standard Model. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 474–484. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger Security of Authenticated Key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  10. Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol for (H)MQV and NAXOS. Designs, Codes and Cryptography 46(3), 329–342 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  11. Cremers, C.J.F.: Session-State Reveal is Stronger than Ephemeral Key Reveal: Attacking the NAXOS Key Exchange Protocol. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 20–33. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  12. Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. ANSI X9.42, Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography. American National Standards Institute (2003)

    Google Scholar 

  14. ANSI X9.63, Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography. American National Standards Institute (2001)

    Google Scholar 

  15. SP 800-56A Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. National Institute of Standards and Technology (March 2006)

    Google Scholar 

  16. Krawczyk, H.: ”HMQV in IEEE P1363”, submission to the IEEE P1363 working group (July 7, 2006), http://grouper.ieee.org/groups/1363/P1363-Reaffirm/submissions/krawczyk-hmqv-spec.pdf

  17. Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves, Part 3: Key Exchange Protocol (in Chinese), http://www.oscca.gov.cn/UpFile/2010122214822692.pdf

  18. Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pp. 419–428 (1998)

    Google Scholar 

  19. Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and their use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China

    Jing Xu & Dengguo Feng

Authors
  1. Jing Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, 100190, Beijing, China

    Dongdai Lin

  2. Computer Science Department, University of California, 92697-3435, Irvine, CA, USA

    Gene Tsudik

  3. Shandong University, China

    Xiaoyun Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xu, J., Feng, D. (2011). Comments on the SM2 Key Exchange Protocol. In: Lin, D., Tsudik, G., Wang, X. (eds) Cryptology and Network Security. CANS 2011. Lecture Notes in Computer Science, vol 7092. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25513-7_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25513-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25512-0

  • Online ISBN: 978-3-642-25513-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation