On the Security of Girault Key Agreement Protocols against Active Attacks

Soo-Hyun OH  Masahiro MAMBO  Hiroki SHIZUYA  Dong-Ho WON  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E86-A   No.5   pp.1181-1189
Publication Date: 2003/05/01
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
Keywords: self-certified public key, Girault key agreement protocol, reduction

In 1991, Girault proposed a key agreement protocol based on his new idea of self-certified public keys. Later, Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit the positive features of self-certified public keys, so they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public keys. Even with such novel features, the rigorous security of these protocols has not yet been made clear. In this paper, we give a rigorous security analysis of the original Girault key agreement protocol and its variants under several kinds of active attacker models. In particular, we show that the protocols are either insecure or proven as secure as the Diffie-Hellman problem over Z_n with respect to the reduction among functions of computing them. The analyzed protocols include a new variant of the 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.