In this paper, we introduce the definition of
for tripartite key agreement schemes and show that almost all of the proposed schemes are not secure under this attack. We present a new protocol which is much more efficient than the existential secure protocol  in terms of computational efficiency and transmitted data size. Moreover, our protocol is the first scheme for
which means that not only a large number of keys but also various kinds of keys can be generated by applying our scheme.