TAKAP: A Lightweight Three-Party Authenticated Key Agreement Protocol with User Anonymity

The three-party authenticated key agreement protocol is a significant cryptographic mechanism for secure communication, which encourages two entities to authenticate each other and generate a shared session key with the assistance of a trusted party (remote server) via a public channel. Recently, Wang et al. put forward a three-party key agreement protocol with user anonymity and alleged that their protocol is able to resist all kinds of attacks and provide multifarious security features in Computer Engineering & Science, No.3, 2018. Unfortunately, we show that Wang et al.’s protocol is vulnerable to the password guessing attack and fails to satisfy user anonymity and perfect secrecy. To solve the aforementioned problems, a lightweight chaotic map-based Three-party authenticated key agreement protocol (short for TAKAP) is proposed, which not only could provide privacy protection but also resist a wide variety of security attacks. Furthermore, it is formally proved under Burrows-Abadi-Needham (BAN) logic. Simultaneously, the performance analysis in this paper demonstrates that the proposed TAKAP protocol is more secure and efficient compared with other relevant protocols.