On the Security of Wang's Provably Secure Identity-based Key Agreement Protocol

Abstract: In a 2005 IACR report, Wang published an efficient identity-based key agreement protocol (IDAK) suitable for resource constrained devices. The author shows that the IDAK key agreement protocol is secure in the Bellare-Rogaway model with random oracles and also provides separate ad-hoc security proofs claiming that the IDAK protocol is not vulnerable to Key Compromise Impersonation attacks and also enjoys Perfect Forward Secrecy (PFS). In this report, we review the security properties of the protocol and point out that it is vulnerable to Unknown Key Share attacks. Although such attacks are often difficult to setup in a real world environment they are nevertheless interesting from a theoretical point of view so we provide a version of the protocol that fixes the problem in a standard way. We also provide a security proof of the IDAK protocol based on the Gap Bilinear Diffie Hellman and random oracle assumptions in the stronger extended Canetti-Krawczyk security model of distributed computing.