Proposal for identity-based key distribution systems

(Okamoto, E. see ibid vol.22, p.1283-4, 1986) recently proposed two identity-based key distribution systems. One of them, called ID-based KDS-2, is the subject of this letter. A simple method is presented of forging a set of data which pass the identification procedure. In this method, using publicly known information and a small amount of computation, everyone, say user C, can cheat anybody, say user B, into the belief that his/her partner is indeed user A, whom user C wants to impersonate. A countermeasure against this serious disadvantage is suggested. Also a scenario of totally breaking ID-based KDS-2 is examined. The author replies that the identification part of the ID-based KDS-2 is actually insecure. However, the suggested countermethod is still insecure against the so-called `replay´ attack, because anybody can disguise user k with the pair (x _k, y_k) which user k has sent to someone in the past. He has already revised the ID-based KDS-2 so that the integer c is a function of the integer x, time and other information. The revised version is secure against their method and the replay attack