A privacy-preserving certificateless two-party authenticated key exchange protocol without bilinear pairing for mobile-commerce applications

In recent times, several three-party authenticated key exchange (3PAKE) and two-party authenticated key exchange (2PAKE) protocols have been proposed to establish secret session key for confidentiality of transactions among clients in mobile commerce (m-commerce) environments. However, the involvement of a trusted server (TS) in every communication as well as the numerous communication rounds and many message exchanges in 3PAKE make them unsuitable for m-commerce applications. In this work, we propose an efficient and privacy-preserving 2PAKE protocol based on certificateless public key cryptography using elliptic curve cryptography with only one communication round and one message exchange between two clients. The protocol is provably secure, autonomous and provides conditional, location and identity privacies. The performance analysis shows that the proposed protocol has better efficiency than the existing related protocols in terms of computation cost and communication overheads. © 2019, © 2019 Informa UK Limited, trading as Taylor & Francis Group.