Paper 2007/026

Cryptanalysis and Improvement of an Elliptic Curve Diffie-Hellman Key Agreement Protocol

Shengbao Wang, Zhenfu Cao, Maurizio Adriano Strangio, and Lihua Wang


In SAC'05, Strangio proposed protocol ECKE-1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that despite the author's claims protocol ECKE-1 is vulnerable to key-compromise impersonation attacks. We also present an improved protocol --- ECKE-1N, which can withstand such attacks. The improved protocol's performance is comparable to the well-known MQV protocol and maintains the same remarkable list of security properties.

Note: In this letter, we propose an authenticated key agreement protocol whose performance is comparable to the well-known (H)MQV protocol. The new protocol can also be seen as a (secure) descendant of the famous MTI/C0 protocol.

Available format(s)
Publication info
Published elsewhere. IEEE Communications Letters
Key agreementelliptic curve cryptographyDiffie--Hellman protocolkey-compromise impersonationMQV
Contact author(s)
shengbao-wang @ cs sjtu edu cn
2007-12-14: last of 4 revisions
2007-01-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shengbao Wang and Zhenfu Cao and Maurizio Adriano Strangio and Lihua Wang},
      title = {Cryptanalysis and Improvement of an Elliptic Curve Diffie-Hellman Key Agreement Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2007/026},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.