Authenticated Key Agreement Scheme with Privacy-Protection in the Three-party Setting

Going along with the rapid development of web technologies, in some applications on demands, partners or staffs may make a great quantity of web transactions or personal communications anytime and anywhere. However, the partners could be distributed over different network domains. They require a communal trusted third party to help them establish a shared session key for future communications. In addition, from the privacy or security point of view, the partners hope that their transactions patterns or movements are not recorded from any external eavesdropper. However, this privacy issue has never been addressed in previous literature. In this paper, we first propose a three-party key agreement scheme to construct a secure transaction mechanism with privacy protection. In our scheme, the major merits include: (1) prevention of some known attacks; (2) satisfaction of the perfect forward secrecy; (3) security against the session state reveal; (4) privacy protection; (5) no sensitive verifier table; and (6) low communication and computation cost.