Wang, S.Cao, Z.Cheng, Z.Choo, K.K.R.2025-12-172025-12-172009Science China Information Sciences, 2009; 52(8):1358-13701674-733X1862-2836https://hdl.handle.net/1959.8/135021There are several essential features in key agreement protocols such as key escrow (essential when con¯dentiality, audit trail and legal interception are required) and perfect forward secrecy (i.e., the security of a session key estab- lished between two or more entities is guaranteed even when the private keys of the entities are compromised). Majority of the existing escrowable identity-based key agreement protocols, however, only provide partial forward secrecy. Therefore, such protocols are unsuitable for real-word applications that require a stronger sense of forward secrecy | perfect forward secrecy. In this paper, we propose an e±cient perfect forward secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Di±e-Hellman (GBDH) problem. Security proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. We note, however, that many existing security proofs of previously published identity-based protocols entail lengthy and compli- cated mathematical proofs. In this paper, our proof adopts a modular approach and, hence, simpler to follow.enCopyright 2009 Science in China Press, published by Springerauthenticated key agreementperfect forward secrecybilinear pairingprovable securitymodular security proofJournal article10.1007/s11432-009-0135-42-s2.0-70349235705