In recent years, many identity-based key agreement protocols from pairings have been proposed. However, the security of this type of protocols has been surprisingly difficult to prove. This paper presented a method incorporating a built-in decisional function in this type of protocols, which enables us for the first time to prove a range of security attributes of several protocols based on the weakest possible assumptions. This work also demonstrated the importance of the message membership check and presented methods to do so. The work has serious potential impact on the standardisation of this type of protocols, for example IEEE P1363.3
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.