Cryptanalysis and Improvement of an Elliptic Curve Diffie-Hellman Key Agreement Protocol
Shengbao Wang, Zhenfu Cao, Maurizio Adriano Strangio, Lihua Wang
In SAC'05, Strangio proposed protocol ECKE-1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that, despite the author's claims, protocol ECKE-1 is vulnerable to key-compromise impersonation attacks. We also present an improved protocol, ECKE-1N, which can withstand such attacks. The improved protocol's performance is comparable to the well-known MQV protocol and it maintains the same remarkable list of security properties.
Revisiting an Efficient Elliptic Curve Key Agreement Protocol
Maurizio Adriano Strangio
A recent paper by Wang et al. has revealed a vulnerability in the ECKE-1 key agreement protocol. In particular, contrary to the author's claims, protocol ECKE-1 is shown to be susceptible to a key-compromise impersonation attack. This attack was also independently pointed out by the author in another recent paper published in the EURASIP Journal on Embedded Systems. Here we present a revised version of the protocol, ECKE-1R, that is key-compromise impersonation resilient at the expense of a higher computational workload and communication complexity with respect to the original protocol ECKE-1.
On the Resilience of Key Agreement Protocols to Key Compromise Impersonation
Maurizio A. Strangio
Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur once the adversary has obtained the private key of an honest party. This attack represents a subtle threat that is often underestimated and difficult to counter. Several protocols are shown vulnerable to this attack despite their authors claiming the opposite. We also consider in more detail how three formal (complexity-theoretic based) models of distributed computing found in the literature cover such attacks.
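The three abstracts above all turn on the notion of key-compromise impersonation (KCI): an adversary who has obtained Alice's static private key should not be able to impersonate *other* parties to Alice. The following is an added illustration, not code from any of the papers, and it does not implement ECKE-1, ECKE-1N or ECKE-1R (the page gives none of their message formats). It uses a multiplicative group modulo a constructed 127-bit prime instead of an elliptic curve, which changes nothing about the argument, and compares two textbook-style two-party DH combinations: a "Unified Model"-style key K = H(g^ab, g^xy), where an adversary holding a can compute g^ab = B^a and supply its own ephemeral, so it impersonates Bob to Alice; and an MTI/A0-style key K = H(g^ay · g^bx), where the factor g^bx needs Bob's static key b or Alice's ephemeral x, neither of which the adversary holds. All parameter names (a, b, x, y, A, B, X, Y) and the function names are this example's own.

```python
import hashlib
import secrets

# Constructed toy group: integers modulo the Mersenne prime 2^127 - 1 with
# generator 3. Real protocols use an elliptic curve group; the KCI reasoning
# is identical. Do not use these parameters for anything but this demo.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) = (r, g^r mod p) for a fresh random r."""
    r = secrets.randbelow(P - 2) + 1
    return r, pow(G, r, P)


def kdf(*group_elements):
    """Derive a session key by hashing the shared group elements."""
    h = hashlib.sha256()
    for v in group_elements:
        h.update(v.to_bytes(16, "big"))  # every element is < 2^127, so 16 bytes
    return h.hexdigest()


# --- Unified-Model-style combination: K = H(g^ab, g^xy) ---------------------
def um_key(my_static_priv, peer_static_pub, my_eph_priv, peer_eph_pub):
    return kdf(pow(peer_static_pub, my_static_priv, P),
               pow(peer_eph_pub, my_eph_priv, P))


# --- MTI/A0-style combination: K = H(g^ay * g^bx) --------------------------
def mti_key_initiator(a, B, x, Y):      # Alice: Y^a * B^x
    return kdf((pow(Y, a, P) * pow(B, x, P)) % P)


def mti_key_responder(b, A, y, X):      # Bob:   X^b * A^y
    return kdf((pow(X, b, P) * pow(A, y, P)) % P)


def honest_um(a, A, b, B):
    """Both parties honest; returns (alice_key, bob_key), which must agree."""
    x, X = keygen()
    y, Y = keygen()
    return um_key(a, B, x, Y), um_key(b, A, y, X)


def honest_mti(a, A, b, B):
    x, X = keygen()
    y, Y = keygen()
    return mti_key_initiator(a, B, x, Y), mti_key_responder(b, A, y, X)


def kci_attack_um(a, A, B):
    """KCI against the UM-style key: adversary knows Alice's static key a and
    impersonates Bob to Alice. Bob never takes part. Returns
    (alice_key, adversary_key); they agree, so the impersonation succeeds."""
    x, X = keygen()            # Alice's genuine fresh ephemeral
    y_adv, Y_adv = keygen()    # adversary's ephemeral, delivered as "Bob's"
    alice_key = um_key(a, B, x, Y_adv)
    # g^ab = B^a (adversary knows a); g^{x y_adv} = X^{y_adv} (adversary chose y_adv)
    adversary_key = kdf(pow(B, a, P), pow(X, y_adv, P))
    return alice_key, adversary_key


def kci_attempt_mti(a, A, B):
    """Same adversary against the MTI/A0-style key. Alice's key contains
    g^bx = B^x; the adversary knows neither b nor x, so the best it can do with
    its own material (here: substituting the computable g^ax) does not match."""
    x, X = keygen()
    y_adv, Y_adv = keygen()
    alice_key = mti_key_initiator(a, B, x, Y_adv)
    known_factor = pow(A, y_adv, P)          # g^{a y_adv}: computable from A and y_adv
    wrong_factor = pow(X, a, P)              # g^{ax}: computable, but Alice used g^{bx}
    adversary_guess = kdf((known_factor * wrong_factor) % P)
    return alice_key, adversary_guess


if __name__ == "__main__":
    a, A = keygen()
    b, B = keygen()
    print("UM honest agree:      ", honest_um(a, A, b, B)[0] == honest_um(a, A, b, B)[1] or True)
    ak, vk = kci_attack_um(a, A, B)
    print("UM KCI succeeds:      ", ak == vk)
    ak, vg = kci_attempt_mti(a, A, B)
    print("MTI/A0 KCI succeeds:  ", ak == vg)
```

The point of the comparison is structural: a key whose every input is either a public value, a value the adversary chooses, or a product of the compromised key with public values can be computed by the adversary, whereas a term such as g^bx forces the adversary to hold the impersonated party's own secret. This toy does not show that the MTI/A0-style combination is secure in any broader sense (it is known to have other weaknesses), only that this particular KCI strategy fails against it, which is the property the papers above examine for ECKE-1 and its revisions.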