Yang and Tan proposed a certificateless key agreement protocol without pairing, and claimed their scheme satisfies forward secrecy,which means no adversary could derive an established session key unless the full user secret information(including a private key and an ephemeral secret key) of both communication parties are compromised. However, we pointed out their protocol is actually not secure as claimed by presenting an attack launched by an adversary who has learned the private key of one party and the ephemeral secret key of the other, but not the full user secret keys of both parties. Furthermore, to make up this flaw, we also provided an revised protocol in which the private key and the ephemeral secret key are closely intertwined with each other for generating the session key, thus above attack can be efficiently resisted.%Yang和Tan提出一个不需要双线性对的无证书密钥协商协议,并声称该协议满足前向安全性,即双方参与者的私钥和临时秘密信息不全部泄露,敌手就无法获得双方参与者协商的会话密钥.给出一种攻击方法:敌手只要得到一个参与者的私钥和另一个参与者的临时秘密信息,就可以获得双方已经协商的会话密钥.针对此缺陷,对协议做了改进,在改进协议中,双方参与者的私钥和临时秘密信息互相交织在一起,因而能抵抗上述攻击.
展开▼
