Analysis and improvement of a strongly secure certificateless key exchange protocol without pairing

Abstract: Recently, Yang and Tan proposed a certificateless key exchange protocol without pairing, and claimed their scheme satisfies forward secrecy, which means no adversary could derive an already-established session key unless the full user secret keys (including a private key and an ephemeral secret key) of both communication parties are compromised. However, in this paper, we point out their protocol is actually not secure as claimed by presenting an attack launched by an adversary who has learned the private key of one party and the ephemeral secret key of the other, but not the full user secret keys of both parties. Furthermore, to make up this flaw, we also provide an improved protocol in which the private key and the ephemeral secret key are closely intertwined with each other for generating the session key, thus above attack can be efficiently resisted.