Paper 2011/195

An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments

Debiao He and Yitao Chen

Abstract

For secure communications in public network environments, various three-party authenticated key exchange (3PAKE) protocols are proposed to provide the transaction confidentiality and efficiency. In 2009, Yang et al. proposed an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography(ECC) for mobile-commerce environments. Because the elliptic curve cryptography is used, their 3PAKE protocol has low computation costs and light communication loads. However, Tan demonstrated that Yang et al.’s protocol suffers from the impersonation attack and the parallel attack. Tan also proposed an enhanced protocol to improve the security and the performance. However, Yang et al.’s protocol and Tan’s protocol bases on the public key infrastructure(PKI). Then the server has to maintain the certificates for users’ public keys. When the number of users is increased, the server needs a large storage space to store users’ public keys and certificates. In addition, the server needs additional computations to verify the other’s certificate in their protocols. This causes the computation loads and the energy costs of mobile devices very high. In this paper, we propose an ID-based 3PAKE using ECC. Compared with the related protocol, our protocol does not need additional computations to verify certificate and has the better performance. Then our protocol is more suitable and practical for mobile-commerce environments.

Metadata
Available format(s)
-- withdrawn --
Publication info
Published elsewhere. The paper has not been published.
Keywords
ID-basedThree-party key exchangeElliptic curve Cryptosystem
Contact author(s)
hedebiao @ 163 com
History
2011-07-20: withdrawn
2011-04-25: received
See all versions
Short URL
https://ia.cr/2011/195
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.