**Identity-based Key Agreement Protocols From Pairings**

*L. Chen and Z. Cheng and N.P. Smart*

**Abstract: **In recent years, a large number of identity-based key agreement
protocols from pairings have been proposed. Some of them are
elegant and practical. However, the security of this type of
protocols has been surprisingly hard to prove. The main issue is
that a simulator is not able to deal with reveal queries, because
it requires solving either a computational problem or a decisional
problem, both of which are generally believed to be hard (i.e.,
computationally infeasible). The best solution of security proof
published so far uses the gap assumption, which means assuming
that the existence of a decisional oracle does not change the
hardness of the corresponding computational problem. The
disadvantage of using this solution to prove the security for this
type of protocols is that such decisional oracles, on which the
security proof relies, cannot be performed by any polynomial time
algorithm in the real world, because of the hardness of the
decisional problem. In this paper we present a method
incorporating a built-in decisional function in this type of
protocols. The function transfers a hard decisional problem in the
proof to an easy decisional problem. We then discuss the resulting
efficiency of the schemes and the relevant security reductions in
the context of different pairings one can use. We pay particular
attention, unlike most other papers in the area, to the issues
which arise when using asymmetric pairings.

**Category / Keywords: **cryptographic protocols / ID Based Key Agreement Protocols

**Date: **received 20 Jun 2006, last revised 23 Aug 2006

**Contact author: **nigel at cs bris ac uk

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

**Note: **Minor clarifications added

**Version: **20060823:092626 (All versions of this report)

**Short URL: **ia.cr/2006/199

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]