Cryptanalysis of a strongly secure authenticated key exchange protocol

In the 15th (2012) IACR international conference on practice and theory of Public-Key Cryptography (PKC), Fujioka et al. proposed a generic construction of Authenticated Key Exchange (AKE) from a Key Encapsulation Mechanism (KEM), which is called the GC protocol and is proven to be secure in the CK+ security model. In this paper, it is pointed out by cryptanalysis that the GC protocol is not CK+ secure. Concrete attacks in which the outside adversary, without knowing the static or ephemeral keys of the users, imitates a valid user are also given. Further, the errors in the original security proof are analyzed.