Paper 2006/252

On the Resilience of Key Agreement Protocols to Key Compromise Impersonation

Maurizio A. Strangio


Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur once the adversary has obtained the private key of an honest party. This attack represents a subtle threat that is often underestimated and difficult to counter. Several protocols are shown vulnerable to this attack despite their authors claiming the opposite. We also consider in more detail how three formal (complexity-theoretic based) models of distributed computing found in the literature cover such attacks.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Proceedings of the 3rd European PKI Workshop, EuroPKI06
key compromise impersonationkey agreement protocol
Contact author(s)
strangio @ disp uniroma2 it
2006-07-24: received
Short URL
Creative Commons Attribution


      author = {Maurizio A.  Strangio},
      title = {On the Resilience of Key Agreement Protocols to Key Compromise Impersonation},
      howpublished = {Cryptology ePrint Archive, Paper 2006/252},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.