Abstract

Recently, Chen et al. proposed an efficient three-party encrypted key exchange protocol based upon Schnorr’s digital signature scheme with fewer rounds. However, J.H. Yang and C. C. Chang showed that Chen et al.’s protocol still has the high computation cost and communication cost. Moreover, Chen et al.’s protocol suffers from stolen-verifier attacks. Then J.H. Yang and C. C. Chang proposed a three-party authenticated key exchange protocol without password by using elliptic curve cryptography. Their improved protocol requires smaller transmitted message size and less communication times, which is well suitable for resource-limited environments such as mobile communication and mobile commerce. Unfortunately, we find that Yang et al.’s protocol is vulnerable to replay attacks, denial-of-Service attacks and impersonation attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.