The Security analysis of Self-certified public key based Key agreement protocols against Active Attacks

Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security analysis of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of key agreement protocols based on self-certified public key. We use reduction among functions for security analysis and consider several kinds of active attacker models such as active impersonation attack, key-compromise impersonation attack, forward secrecy and known key security.