Cryptology ePrint Archive: Report 2009/534

Weaknesses and improvement of three-party authenticated key exchange protocol using elliptic curve cryptography

S. Wu

Abstract: Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography for mobile-commerce environments. In this paper, we demonstrate that Yang et al's three-party authenticated protocol is potentially vulnerable to an unknown key-share attack and impersonation attack. Thereafter, we suggest a secure and efficient three-party authenticated key exchange protocol for mobile-commerce environments. Our improved protocol has the following advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen its authentication mechanism; (2) our scheme simply utilizes each user's unique identity to accomplish authentication, eliminating maintenance of a lot of users' keys. Furthermore, our scheme is more efficient than Yang et al's scheme. Therefore, the end result is more suited to be a candidate for implementation in mobile-commerce environments.

Category / Keywords: cryptographic protocols / three-party authenticated key exchange, elliptic curve cryptography

Date: received 4 Nov 2009, withdrawn 3 Jul 2010

Contact author: pqwsh at yahoo com cn

Available format(s): (-- withdrawn --)

Version: 20100704:011354 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]