Paper 2009/534

Weaknesses and improvement of three-party authenticated key exchange protocol using elliptic curve cryptography

S. Wu

Abstract

Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography for mobile-commerce environments. In this paper, we demonstrate that Yang et al's three-party authenticated protocol is potentially vulnerable to an unknown key-share attack and impersonation attack. Thereafter, we suggest a secure and efficient three-party authenticated key exchange protocol for mobile-commerce environments. Our improved protocol has the following advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen its authentication mechanism; (2) our scheme simply utilizes each user's unique identity to accomplish authentication, eliminating maintenance of a lot of users' keys. Furthermore, our scheme is more efficient than Yang et al's scheme. Therefore, the end result is more suited to be a candidate for implementation in mobile-commerce environments.

Metadata
Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
three-party authenticated key exchangeelliptic curve cryptography
Contact author(s)
pqwsh @ yahoo com cn
History
2010-07-04: withdrawn
2009-11-05: received
See all versions
Short URL
https://ia.cr/2009/534
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.