Identity-based authenticated key agreement protocol based on Weil pairing

1. Identity-based authenticated key agreement protocol based on Weil pairing N.P. Smart IEE Electronics Letters 2002 Presented By Kuang-Ling Lin 10/7/2003

2. Outline • Introduction • The protocol based on Weil pairing • Security • Three pass AKC protocol • Conclusion

3. Introduction • Key agreement is one of fundamental cryptographic primitive • Properties: (1)Bilinear (2)Non-degenerate (3)Computable

4. The protocol based on Weil pairing • G:a prime order l subgroup of an elliptic curve over the field Fq • k:the smallest integer corresponding to l | qk-1 • ê:G X G→Fq* • V:key derivation function V:F*qk →{0,1} • s:KGC’s secret key • PKGS: PKGS=[s]P • QID:QID=H(ID) • SID :SID=[s]QID

5. The protocol based on Weil pairing User A User B TA=[a]P TB=[b]P User A computes kA= ê([a]QB,PKGS)．ê(SA,TB) User B computes kB= ê([b]QA,PKGS)．ê(SB,TA) Secret key K=V(kA)=V(kB)

6. Security • Known key security • Forward secrecy ê(QB,TA)S．ê(QA,TB)S • Key control

7. Three pass AKC protocol • R=ê([a]QB,PKGS)=ê([b]QA,PKGS) User A User B TA=[a]P TB=[b]P,M1=MACk’(2,B,A,R) M2=MACk’(3,A,B,R)

8. Conclusion • It seems that this protocol only makes two party to agree one key.