Key-Compromise Impersonation Attacks on Some Certificateless Key Agreement Protocols and Two Improved Protocols

Certificateless public key cryptography (CL-PKC) is a new paradigm in public key cryptography which avoids the inherent key escrow problem of identity-based public key cryptography (ID-PKC) and yet requires no certificates to guarantee the authenticity of users´ public keys. It was first introduced by Al-Riyami and Paterson in 2003. Subsequently, several certificateless two-party key agreement protocols were presented. Unfortunately, some of these protocols are not as secure as they were claimed to be. We will show that some existing certificateless key agreement protocols do not satisfy the requirements of key-compromise impersonation security and known session-specific temporary information security. Further more, we present two improved certificateless authenticated two-party key agreement protocols which possess all security attributes of a key agreement protocol.