An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity



Recently, Li proposed an authenticated key exchange (AKE) scheme based on elliptic curve cryptosystem with smart cards in two versions. We point out that the two versions of Li's scheme are not secure and then we present an improved authentication scheme to overcome general disadvantages. Also, we deem that the notion of forward security is old for modern AKE schemes based on smart cards and enhance it as strong forward security. We prove that our scheme is secure with a formal security model containing the feature of strong forward security. Then, via the concrete security analysis and comparison, our scheme resists common attacks and has general security characters. Compared with other schemes, our scheme has low time, storage, and communication cost. It is suitable for communicating applications in network. Copyright © 2014 John Wiley & Sons, Ltd.