Research Article

Authenticated Diffie-Hellman Key Agreement Scheme that Protects Client Anonymity and Achieves Half-Forward Secrecy

Table 1

Summary of performance comparison among two-party key agreement schemes with client anonymity.

| Scheme | Ours | Yoon-You [11] | Chien [12] | Yang et al. [10] | Wu-Hsu [14] | Wang et al. [15] |
|---|---|---|---|---|---|---|
| Number of steps | 3 | 3 | 3 | 3 | 3 | 3 |
| Length of message | | | | | | |
| Computational cost of client | | | | | | |
| Computational cost for server | | | | | | |
| Security properties | Mutual auth. | Mutual auth. | Mutual auth. | Client/server impersonation [11] | Client/server impersonation [11] | Mutual auth. |
| Client anonymity | Yes | Fail (Note ) | Yes | Yes | Yes | Yes |
| Forward secrecy | Half forward secrecy | Yes | Yes | Yes | Yes | Note |
| NP problem | MCDHP | RSA, CDHP | RSA, CDHP | RSA, CDHP | RSA, CDHP | Note |

Note : : the bit length of RSA modulus N; : the length of hash function ( and ); : the length of string representation of one elliptic curve point, and denotes the bit length of q. : the bit length of timestamp; : the length of identity; : the length of nonce.
Note : : time complexity of one elliptic curve point multiplication; : time complexity for one elliptic curve point addition; : time complexity for one XOR operation; : time complexity for one hash operation; : time complexity of one modular exponentiation; : time complexity of one modular multiplication; : time complexity of one symmetric encryption.
Note : The session key security was based on the privacy of nonce and the fixed D-H key (the fixed key ). If one private key of either the server or the client is compromised, then the long-term, fixed D-H key is compromised and one of the nonces is compromised; therefore, its security is not as strong as the ECDHP.
Note : Our scheme applies hashing to protect the dynamic identity while other schemes use encryption of identity to protect anonymity; therefore, we can simplify the comparison by assuming .
Note : Chien [12] reported the failure of client anonymity of Yoon-You’s scheme [11].