Analysis and improvement of a strongly secure certificateless key exchange protocol without pairing
Min Zhang, Jie Zhang, Qiao-Yan Wen, Zheng-Ping Jin, Hua Zhang

TL;DR
This paper analyzes Yang and Tan's pairing-free certificateless key exchange protocol, shows that its forward-secrecy claim does not hold, and proposes an improved protocol that resists the identified attack.
Contribution
It identifies a security flaw in Yang and Tan's protocol and introduces an improved protocol with better resistance to key compromise impersonation attacks.
Findings
The original protocol is broken by an adversary who learns the private key of one party and the ephemeral secret key of the other, without holding the full secret keys of both parties.
The proposed protocol resists this attack by tightly coupling each party's private key and ephemeral secret key in the session key derivation.
The improved protocol keeps an established session key secure even when only part of the parties' secret material (one party's private key and the other's ephemeral key) is compromised.
Abstract
Recently, Yang and Tan proposed a certificateless key exchange protocol without pairing, and claimed their scheme satisfies forward secrecy, which means no adversary could derive an already-established session key unless the full user secret keys (including a private key and an ephemeral secret key) of both communication parties are compromised. However, in this paper, we point out that their protocol is actually not secure as claimed, by presenting an attack launched by an adversary who has learned the private key of one party and the ephemeral secret key of the other, but not the full user secret keys of both parties. Furthermore, to remedy this flaw, we also provide an improved protocol in which the private key and the ephemeral secret key are closely intertwined with each other for generating the session key, so the above attack can be efficiently resisted.
Taxonomy
Topics: Cryptography and Data Security · Advanced Authentication Protocols Security · Security in Wireless Sensor Networks
