Cryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols
This work identifies security flaws in two certificateless three-party authenticated key agreement protocols and proposes corrected versions that close them.
The authors found security vulnerabilities in two existing certificateless three-party authenticated key agreement protocols: one protocol fails both forward security and key compromise impersonation resistance and is additionally broken by an adversary who knows all users' secret values, while the other is vulnerable to a key compromise impersonation attack. They propose improved protocols that remove these weaknesses and support the claim with further security analysis.
Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both were claimed to satisfy the desirable security properties, including forward security and key compromise impersonation resistance. Through cryptanalysis, we show that one protocol meets neither forward security nor key compromise impersonation resistance and, in addition, does not resist an adversary who knows all users' secret values, while the other cannot resist a key compromise impersonation attack. Finally, we propose improved protocols that remedy the security weaknesses of the two original protocols, respectively. Further security analysis shows that the improved protocols remove these weaknesses.
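The two properties named in the abstract are easiest to see on a generic key agreement rather than on the certificateless protocols themselves, which the abstract does not specify. The following Python model is an added illustration, not code from the paper, and the two toy protocols it compares (static Diffie-Hellman and a "triple DH" mix of long-term and ephemeral keys) are textbook constructions chosen for this example, not the protocols the authors analyse. It represents a protocol as the list of Diffie-Hellman components fed into the key derivation and lets a party compute a component only when it holds one of the two exponents (the assumption, stated in the code, is that computing g^(uv) without u or v is infeasible). A key compromise impersonation check leaks Alice's long-term key and asks whether the adversary can pose as Bob to her; a forward security check leaks both long-term keys after the session and asks whether the old key can be recovered. The group parameters and the labels "a", "b", "x", "y" are toy choices for this example only.

```python
"""Toy model of forward security and key compromise impersonation (KCI)
resistance for Diffie-Hellman style key agreement.

Added illustration; the protocols below are generic textbook constructions,
not the certificateless three-party protocols analysed in the paper.
Toy group parameters, not for production use."""
import hashlib
import secrets

P = (1 << 127) - 1  # Mersenne prime; a toy group, far too small for real use
G = 3

# A protocol is described by the DH components that feed its KDF.  Each
# component ("u", "v") stands for g^(u*v) mod P.  A party can compute it only
# if it holds exponent u or v (modelling assumption: CDH is hard, so nothing
# else yields g^(uv)).  Long-term exponents: a (Alice), b (Bob).
# Ephemeral exponents: x (Alice), y (Bob).  Names are toy labels.
STATIC_DH = [("a", "b")]                          # long-term keys only
TRIPLE_DH = [("a", "y"), ("b", "x"), ("x", "y")]  # long-term + ephemeral mix


def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive(components, privs, pubs, label):
    """Derive the session key from the components this party can compute.
    Returns None if some component needs an exponent the party lacks."""
    shared = []
    for u, v in components:
        if u in privs:
            shared.append(pow(pubs[v], privs[u], P))
        elif v in privs:
            shared.append(pow(pubs[u], privs[v], P))
        else:
            return None
    h = hashlib.sha256(label.encode())
    for z in shared:
        h.update(z.to_bytes(16, "big"))  # z < P < 2**127 fits in 16 bytes
    return h.hexdigest()


def fresh_session():
    """Long-term and ephemeral key pairs for Alice and Bob (constructed)."""
    privs, pubs = {}, {}
    for name in ("a", "b", "x", "y"):
        privs[name], pubs[name] = keygen()
    return privs, pubs


def honest_keys_agree(components):
    """Both honest parties must derive the same key."""
    privs, pubs = fresh_session()
    alice = derive(components, {k: privs[k] for k in ("a", "x")}, pubs, "toy")
    bob = derive(components, {k: privs[k] for k in ("b", "y")}, pubs, "toy")
    return alice is not None and alice == bob


def kci_resistant(components):
    """Adversary holding Alice's long-term key a poses as Bob to Alice.
    It chooses its own ephemeral y' and substitutes Y' into the transcript;
    KCI succeeds if it can reproduce Alice's key without knowing b."""
    privs, pubs = fresh_session()
    adv_y, adv_Y = keygen()
    seen_by_alice = dict(pubs, y=adv_Y)
    alice = derive(components, {"a": privs["a"], "x": privs["x"]},
                   seen_by_alice, "toy")
    adversary = derive(components, {"a": privs["a"], "y": adv_y},
                       seen_by_alice, "toy")
    return adversary != alice


def forward_secure(components):
    """After the session, both long-term keys leak.  Forward security holds
    if the adversary still cannot recover the old key from the transcript."""
    privs, pubs = fresh_session()
    alice = derive(components, {"a": privs["a"], "x": privs["x"]}, pubs, "toy")
    adversary = derive(components, {"a": privs["a"], "b": privs["b"]},
                       pubs, "toy")
    return adversary != alice


if __name__ == "__main__":
    for name, proto in (("static DH", STATIC_DH), ("triple DH", TRIPLE_DH)):
        print(name, "agree:", honest_keys_agree(proto),
              "KCI-resistant:", kci_resistant(proto),
              "forward-secure:", forward_secure(proto))
```

Static DH fails both checks because its only component g^(ab) is computable from either long-term key alone, so a leaked a lets the adversary both impersonate Bob to Alice and recompute every past key. Triple DH passes because the component g^(bx) needs b or Alice's ephemeral x, which the KCI adversary lacks, and g^(xy) needs an ephemeral that the forward-security adversary never sees. The third attack mentioned in the abstract, an adversary who knows all users' secret values but not the KGC-issued partial keys, is specific to the certificateless setting and is not modelled here.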