On the Security of Girault Key Agreement Protocols against Active Attacks

Soo Hyun Oh, Masahiro Mambo, Hiroki Shizuya, Dong Ho Won

    Research output: Contribution to journalReview articlepeer-review

    1 Citation (Scopus)


    In 1991 Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of the original and variants of Girault key agreement protocol under several kinds of active attacker models. In particular we show that protocols are either insecure or proven as secure as the Diffie-Hellman problem over Zn with respect to the reduction among functions of computing them. Analyzed protocols include a new variant of 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.

    Original languageEnglish
    Pages (from-to)1181-1189
    Number of pages9
    JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
    Issue number5
    Publication statusPublished - 2003 May


    • Girault key agreement protocol
    • Reduction
    • Self-certified public key

    ASJC Scopus subject areas

    • Signal Processing
    • Computer Graphics and Computer-Aided Design
    • Electrical and Electronic Engineering
    • Applied Mathematics


    Dive into the research topics of 'On the Security of Girault Key Agreement Protocols against Active Attacks'. Together they form a unique fingerprint.

    Cite this