Paper 2002/035

Tripartite Authenticated Key Agreement Protocols from Pairings

Sattam S. Al-Riyami and Kenneth G. Paterson


Joux's protocol is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol. But it is insecure, suffering from a simple man-in-the-middle attack. This paper shows how to make Joux's protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communication. A pass-optimal authenticated and key confirmed tripartite protocol that generalises the station-to-station protocol is also presented. The security properties of the new protocols are studied using provable security methods and heuristic approaches. Applications for the protocols are also discussed.

Note: Revision to earlier version of paper to include more detailed security analysis and analysis of confirmed protocols.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Secure protocolskey agreementauthenticationpairings
Contact author(s)
kenny paterson @ rhul ac uk
2003-04-16: revised
2002-03-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sattam S.  Al-Riyami and Kenneth G.  Paterson},
      title = {Tripartite Authenticated Key Agreement Protocols from Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2002/035},
      year = {2002},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.