{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T18:28:11Z","timestamp":1769797691585,"version":"3.49.0"},"reference-count":43,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T00:00:00Z","timestamp":1769558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372311; 62272458; 62272323; 62272322; 62372312"],"award-info":[{"award-number":["62372311; 62272458; 62272323; 62272322; 62372312"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Open Foundation of Key Laboratory of Cyberspace Security, Ministry of Education of China","award":["KLCS20240206"],"award-info":[{"award-number":["KLCS20240206"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The SM2 key exchange protocol, proposed by the Chinese State Cryptography Administration and adopted as a national standard, is extensively deployed in commercial applications across China. It has also been incorporated by global industrial organizations and integrated into numerous international products, such as TPM. Today, any cryptographic protocol aspiring to become widely adopted and standardized requires a rigorous security proof within a modern security model. Although Yang et al. claimed to have established such a proof for the SM2 key exchange protocol in the Bellare\u2013Rogaway (BR) model, we show that their proof is flawed. Moreover, we present a group representation attack against the SM2 key exchange protocol, illustrating that the protocol cannot be proven secure in any contemporary security models. 
Our findings thus delineate the security boundary of the SM2 key exchange protocol.<\/jats:p>","DOI":"10.3390\/info17020124","type":"journal-article","created":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T17:40:22Z","timestamp":1769622022000},"page":"124","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Revisiting a Proof of Security for the SM2 Key Exchange Protocol"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3246-9474","authenticated-orcid":false,"given":"Qianying","family":"Zhang","sequence":"first","affiliation":[{"name":"College of Information Engineering, Capital Normal University, Beijing 100048, China"},{"name":"Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou 450002, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2379-0767","authenticated-orcid":false,"given":"Yuting","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Information Engineering, Capital Normal University, Beijing 100048, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6801-508X","authenticated-orcid":false,"given":"Shijun","family":"Zhao","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,1,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Blake-Wilson, S., and Menezes, A. (1999). Unknown key-share attacks on the station-to-station (STS) protocol. Proceedings of the Public Key Cryptography, Springer.","DOI":"10.1007\/3-540-49162-7_12"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Canetti, R., and Krawczyk, H. (2002). 
Security analysis of IKE\u2019s signature-based key-exchange protocol. Proceedings of the 22nd Annual International Cryptology Conference (CRYPTO 2002), Springer.","DOI":"10.1007\/3-540-45708-9_10"},{"key":"ref_3","unstructured":"Dierks, T., and Rescorla, E. (2026, January 26). The Transport Layer Security (TLS) Protocol Version 1.2. Technical Report, IETF. Available online: https:\/\/www.rfc-editor.org\/info\/rfc5246."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1145\/996943.996946","article-title":"Just fast keying: Key agreement in a hostile internet","volume":"7","author":"Aiello","year":"2004","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"ref_5","first-page":"99","article-title":"On seeking smart public-key-distribution systems","volume":"69","author":"Matsumoto","year":"1986","journal-title":"IEICE Trans."},{"key":"ref_6","unstructured":"Menezes, A., Qu, M., and Vanstone, S. (1995, January 18\u201319). Some new key agreement protocols providing implicit authentication. Proceedings of the Second Workshop on Selected Areas in Cryptography (SAC 95), Ottawa, ON, Canada."},{"key":"ref_7","unstructured":"NIST (2026, January 26). KEA Algorithm Specifications, Available online: https:\/\/csrc.nist.gov\/presentations\/1998\/skipjack-and-kea-algorithm-specifications."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1023\/A:1022595222606","article-title":"An efficient protocol for authenticated key agreement","volume":"28","author":"Law","year":"2003","journal-title":"Des. Codes Cryptogr."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Jeong, I.R., Katz, J., and Lee, D.H. (2004). One-round protocols for two-party authenticated key exchange. Proceedings of the Applied Cryptography and Network Security, Springer.","DOI":"10.1007\/978-3-540-24852-1_16"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (2005). HMQV: A high-performance secure Diffie-Hellman protocol. 
Proceedings of the Advances in Cryptology\u2014CRYPTO 2005, Springer.","DOI":"10.1007\/11535218_33"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Lauter, K., and Mityagin, A. (2006). Security analysis of KEA authenticated key exchange protocol. Proceedings of the Public Key Cryptography\u2014PKC 2006, Springer.","DOI":"10.1007\/11745853_25"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"LaMacchia, B., Lauter, K., and Mityagin, A. (2007). Stronger security of authenticated key exchange. Proceedings of the Provable Security, Springer.","DOI":"10.1007\/978-3-540-75670-5_1"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"329","DOI":"10.1007\/s10623-007-9159-1","article-title":"Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS","volume":"46","author":"Ustaoglu","year":"2008","journal-title":"Des. Codes Cryptogr."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gennaro, R., Krawczyk, H., and Rabin, T. (2010). Okamoto-Tanaka revisited: Fully authenticated Diffie-Hellman with minimal overhead. Proceedings of the Applied Cryptography and Network Security, Springer.","DOI":"10.1007\/978-3-642-13708-2_19"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Xu, J., and Feng, D. (2011). Comments on the SM2 key exchange protocol. Cryptology and Network Security, Springer.","DOI":"10.1007\/978-3-642-25513-7_12"},{"key":"ref_16","unstructured":"Yao, A.C., and Zhao, Y. (2026, January 26). A New Family of Implicitly Authenticated Diffie-Hellman Protocols. Technical Report, Cryptology ePrint Archive. Available online: https:\/\/eprint.iacr.org\/2011\/035."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Yao, A.C., and Zhao, Y. (2013, January 4\u20138). OAKE: A new family of implicitly authenticated diffie-hellman protocols. 
Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security (CCS), Berlin, Germany.","DOI":"10.1145\/2508859.2516695"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"7862","DOI":"10.1109\/TWC.2023.3257028","article-title":"A lightweight authentication and key exchange protocol for IoT","volume":"22","author":"Rabiah","year":"2023","journal-title":"IEEE Trans. Wirel. Commun."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"18355","DOI":"10.1007\/s11042-017-5560-6","article-title":"Signature-based three-factor authenticated key exchange for internet of things applications","volume":"77","author":"Jia","year":"2018","journal-title":"Multimed. Tools Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/IJERTCS.2020070101","article-title":"TAKE-IoT: Tiny authenticated key exchange protocol for the internet of things","volume":"11","author":"Khelf","year":"2020","journal-title":"Int. J. Embed. Real-Time Commun. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3643867","article-title":"Authentication, authorization, access control, and key exchange in Internet of Things","volume":"5","author":"Simsek","year":"2024","journal-title":"ACM Trans. Internet Things"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Peivandizadeh, A., Adarbah, H.Y., Molavi, B., Mohajerzadeh, A., and Al-Badi, A.H. (2024). A secure key exchange and authentication scheme for securing communications in the Internet of Things environment. 
Future Internet, 16.","DOI":"10.3390\/fi16100357"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"101539","DOI":"10.1016\/j.iot.2025.101539","article-title":"Lightweight authenticated key exchange for low-power IoT networks using EDHOC","volume":"31","year":"2025","journal-title":"Internet Things"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"39709","DOI":"10.1109\/JIOT.2024.3450959","article-title":"Cake-puf: A collaborative authentication and key exchange protocol based on physically unclonable functions for industrial internet of things","volume":"11","author":"Fan","year":"2024","journal-title":"IEEE Internet Things J."},{"key":"ref_25","first-page":"4167","article-title":"Lattice-based device-to-device authentication and key exchange protocol for IoT system","volume":"16","author":"Sarkar","year":"2024","journal-title":"Int. J. Inf. Technol."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"104310","DOI":"10.1016\/j.cose.2024.104310","article-title":"Current research on Internet of Things (IoT) security protocols: A survey","volume":"151","author":"Mishra","year":"2025","journal-title":"Comput. Secur."},{"key":"ref_27","unstructured":"Snook, M. (2016). Quantum Resistant Authenticated Key Exchange from Ideal Lattices. [Ph.D Thesis, University of Cincinnati]."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1016\/j.comcom.2023.11.010","article-title":"Quantum-resistant transport layer security","volume":"213","author":"Garcia","year":"2024","journal-title":"Comput. Commun."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Xia, T., Wang, M., He, J., Yang, G., Fan, L., and Wei, G. (2024). A quantum-resistant identity authentication and key agreement scheme for uav networks based on kyber algorithm. 
Drones, 8.","DOI":"10.3390\/drones8080359"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"27588","DOI":"10.1109\/ACCESS.2021.3058180","article-title":"Quantum-resistant lightweight authentication and key agreement protocol for fog-based microgrids","volume":"9","author":"Lu","year":"2021","journal-title":"IEEE Access"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Wang, W., and Tan, S.F. (2025, January 10\u201312). Quantum Resistant Authentication and Key Agreement Protocol (AKA) for Autonomous Vehichle. Proceedings of the 5th International Conference on Neural Networks, Information and Communication Engineering (NNICE), Guangzhou, China.","DOI":"10.1109\/NNICE64954.2025.11064484"},{"key":"ref_32","unstructured":"(2017). Information Security Technology\u2014SM2 Cryptographic Algorithm Usage Specification (Standard No. GB\/T 35276-2017)."},{"key":"ref_33","unstructured":"(2016). Information Security Technology\u2014Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves\u2014Part 1: General (Standard No. GB\/T 32918.1-2016)."},{"key":"ref_34","unstructured":"(2016). Information Security Technology\u2014Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves\u2014Part 3: Key Exchange Protocol (Standard No. GB\/T 32918.3-2016)."},{"key":"ref_35","unstructured":"TCG (2026, January 26). Trusted Platform Module Library Part 1: Architecture. Family 2.0, Level 00 Revision 01.38. Available online: https:\/\/trustedcomputinggroup.org\/wp-content\/uploads\/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf."},{"key":"ref_36","unstructured":"ORACLE (2026, January 26). Java Card Platform, Version 3.1. Available online: https:\/\/docs.oracle.com\/en\/java\/javacard\/3.1\/specnotes\/index.html."},{"key":"ref_37","unstructured":"Internet Engineering Task Force (2026, January 26). SM2 Digital Signature Algorithm. 
Available online: https:\/\/tools.ietf.org\/id\/draft-shen-sm2-ecdsa-02.txt."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"825984","DOI":"10.1155\/2014\/825984","article-title":"Provably-Secure (Chinese Government) SM2 and Simplified SM2 Key Exchange Protocols","volume":"2014","author":"Yang","year":"2014","journal-title":"Sci. World J."},{"key":"ref_39","unstructured":"Bellare, M., and Rogaway, P. (1993). Entity authentication and key distribution. Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO), Springer."},{"key":"ref_40","unstructured":"Bellare, M., and Rogaway, P. (June, January 29). Provably secure session key distribution: The three party case. Proceedings of the 27th Annual ACM Symposium on Theory of Computing, Las Vegas, NV, USA."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Zhao, S., and Zhang, Q. (2015). A Unified Security Analysis of Two-phase Key Exchange Protocols in TPM 2.0. Proceedings of the International Conference on Trust and Trustworthy Computing, Springer.","DOI":"10.1007\/978-3-319-22846-4_3"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"107369","DOI":"10.1016\/j.comnet.2020.107369","article-title":"A comprehensive formal security analysis and revision of the two-phase key exchange primitive of TPM 2.0","volume":"179","author":"Zhang","year":"2020","journal-title":"Comput. Netw."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1002\/ett.4460050406","article-title":"Cryptographic hash functions","volume":"5","author":"Preneel","year":"1994","journal-title":"Eur. Trans. 
Telecommun."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/2\/124\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T05:14:10Z","timestamp":1769750050000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/2\/124"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,28]]},"references-count":43,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["info17020124"],"URL":"https:\/\/doi.org\/10.3390\/info17020124","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,28]]}}}