• 1
    Diffie W, Hellman ME. New directions in cryptography. IEEE Transactions on Information Theory 1976; 22:644654.
  • 2
    Stinson D. Cryptography: Theory and Practice (3rd edn). Chapman & Hall/CRC: New York, 2006.
  • 3
    Lim CH, Lee PJ. A key recovery attack on discrete log-based schemes using a prime order subgroup. Crypto '97, LNCS 1295, 1997; 249263.
  • 4
    Menezes AJ, van Oorschot PC, Vanstone SA. Handbook of Applied Cryptography. CRC Press: New York, 1996.
  • 5
    Anderson RJ. Security Engineering: a Guide to Building Dependable Distributed Systems (2nd edn). Wiley: New York, 2008.
  • 6
    Jablon D. Strong password-only authenticated key exchange. ACM Computer Communication Review 1996; 26(5):526.
  • 7
    Bellovin S, Merritt M. Encrypted key exchange: password-based protocols secure against dictionary attacks. Proceedings of the IEEE Symposium on Research in Security and Privacy, May 1992.
  • 8
    Hao F, Ryan P. Password authenticated key exchange by juggling. The 16th International Workshop on Security Protocols, SPW'08, Cambridge, UK, May 2008.
  • 9
    Krawczyk H. HMQV: a high-performance secure Diffie–Hellman protocol. Advances in Cryptology—CRYPTO 2005, LNCS 3621, 2005; 546566. A longer version available at: .
  • 10
    Lauter K, Mityagin A. Security analysis of KEA authenticated key exchange protocol. PKC'06, LNCS 3958, 2006; 378394.
  • 11
    Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels. Eurocrypt'01, 2001;453474.
  • 12
    LaMacchia B, Lauter K, Mityagin A. Stronger security of authenticated key exchange. Provable Security, LNCS 4784 2007; 116.
  • 13
    Law L, Menezes A, Qu M, Solinas J, Vanstone S. An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 2003; 28(2):119134.
  • 14
    Anderson RJ, Needham R. Robustness principles for public key protocols. Crypto'95, LNCS 963, 1995; 236247.
  • 15
    Diffie W, van Oorschot PC, Wiener MJ. Authentication and authenticated key exchanges. Designs, Codes and Cryptography 1992:107125.
  • 16
    Cremers CJF. Session-state reveal is stronger than ephemeral key reveal: attacking the NAXOS authenticated key exchange protocol. ACNS'09, LNCS 5536, 2009; 2033.
  • 17
    Ustaoglu B. Comparing SessionStateReveal and EphemeralKeyReveal for Diffie–Hellman protocols. The Provable Security Conference, ProvSec'09, LNCS, Nov 2009.
  • 18
    Menezes A, Ustaoglu B. On the importance of public-key validation in the MQV and HMQV key agreement protocols. INDOCRYPT'06, LNCS 4329, 2006; 133147.
  • 19
    Menezes A, Ustaoglu B. Comparing the pre- and post-specified peer models for key agreement. Information Security and Privacy, LNCS 2008; 5107:5368.
  • 20
    Krawczyk H. HMQV in IEEE P1363. Submission to the IEEE P1363 Standardization Working Group, 7 July, 2006. Available at:
  • 21
    IEEE P1363 Standard Specifications for Public-Key Cryptography. Available at:
  • 22
    Ustaoglu B. Obtaining a secure and efficient key agreement protocol for (H)MQV and NAXOS. Designs, Codes and Cryptography 2008; 46(3):329342.
  • 23
    Mitchell C. Security for Mobility. The Institution of Electrical Engineers: London, 2004.
  • 24
    Schnorr CP. Efficient signature generation by smart cards. Journal of Cryptology 1991; 4(3):161174.
  • 25
    Kaliski B. An unknown key-sharing attack on the MQV key agreement protocol. ACM Transactions on Information and System Security 2001; 4(3):275288.
  • 26
    Bao F, Deng RH, Zhu H. Variations of Diffie–Hellman problem. Proceeding of Information and Communication Security, LNCS 2836, 2003; 301312.
  • 27
    Boyd C, Mathuria A. Protocols for authentication and key establishment. Springer-Verlag: Berlin, 2003.
  • 28
    Goldreich O, Micali S, Wigderson A. How to play any mental game or a completeness theorem for protocols with honest majority. Proceedings of the nineteenth annual ACM Conference on Theory of Computing, 1987; 218229.
  • 29
    Bellare M, Canetti R, Krawczyk H. A modular approach to the design and analysis of authentication and key exchange protocols. Proceedings of the thirtieth annual ACM symposium on Theory of Computing, 1998; 419428.