Authenticated key exchange (AKE) is a very important primitive in cryptography. In the last decades, many AKE protocols appeared either in the certificate-based (cert-based) setting or in the identity-based (id-based) setting. In real applications, entities from different settings may also have the requirement to communicate with each other. Several papers have concentrated on supporting either multiple certification authorities or multiple key generation centers, but very few have considered the interoperability between the two settings. Furthermore, existing approaches are still inadequate in supporting parameters from different algebraic groups.
In this paper, we consider AKE protocols integrating cert-based and id-based settings with varied groups. Based on two extract algorithms for id-based entities, we present two AKE protocols where one entity is cert-based and the other is id-based, and the parameters of both entities come from different groups. An extended AKE security model of Chatterjee et al. and Ustaoǧlu [1, 2] is proposed to support multiple certification authorities and multiple key generation centers in which the proposed protocols are proved to be secure. Other variant protocols are also presented. Then, extensions to support forward secrecy and resistance to leakage of both ephemeral keys are provided. Finally, we present a more efficient integrating protocol than existing constructions for users who use the same group. Copyright © 2013 John Wiley & Sons, Ltd.