For an ID-based key exchange (KE) protocol, KGS forward secrecy is about the protection of previously established session keys after the master secret key of the Key Generation Server (KGS) is compromised. This is the strongest notion of forward secrecy that one can provide for an ID-based KE protocol. Among all the comparable protocols, there are only a few of them that provide this level of forward secrecy, and all of these protocols require expensive bilinear pairing operations and map-to-point hash operations that may not be suitable for implementation on low-power devices such as sensors. In this paper, we propose a new ID-based KE protocol which does not need any pairing or map-to-point hash operations. It also supports the strongest KGS forward secrecy. On its performance, we show that it is faster than previously proposed protocols in this category. Our protocol is a signature-based one, in which the signature scheme is a variant of a scheme proposed by Bellare et al. in Eurocrypt 2004. We show that the variant we proposed is secure, and also requires either less storage space or runtime computation than the original scheme.
A preliminary version appears in the Proc. of the First Workshop on Internet and Network Economics (WINE 2005) [R.W. Zhu, G. Yang, D.S. Wong, An efficient identity-based key exchange protocol with KGS forward secrecy for low-power devices, in: Internet and Network Economics: First International Workshop, WINE 2005, in: LNCS, vol. 3828, Springer-Verlag, 2005, pp. 500–509].
