Paper 2014/050

Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication

Daniel R. L. Brown


Menezes--Qu--Vanstone key agreement (MQV) is intended to provide implicit key authentication (IKA) and several other security objectives. MQV is approved and specified in five standards. This report focuses on the IKA of two-pass MQV, without key confirmation. Arguably, implicit key authentication is the most essential security objective in authenticated key agreement. The report examines various necessary or sufficient formal conditions under which MQV may provide IKA. Incidentally, this report defines, relies on, and inter-relates various conditions on the key deriviation function and Diffie--Hellman groups. While it should be expected that most such definitions and results are already well-known, a reader interested in these topics may be interested in this report as a kind of review, even if they have no interest in MQV whatsoever.

Note: Caution: this report is a work in progress. It may contain serious omissions and errors. Readers should verify any proofs before relying upon them, as always, but perhaps more so than is usual.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
key agreementMQVprovable security
Contact author(s)
dbrown @ certicom com
2014-07-07: last of 4 revisions
2014-01-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel R.  L.  Brown},
      title = {Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2014/050},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.