Cryptanalysis of LHL-key authentication scheme

摘要

It is proved that the LHL-key authentication scheme, proposed by Lee, Hwang and Li [Appl. Math. Comput. 139 (2003) 343], is insecure. The user's private key can be obtained easily from the user's public key certificate, hence compromising all the enciphered communications. In addition, the certificate validation process proposed in the same work is not a suitable one, as any certificate (valid or not) satisfies the verification equation. A slight modification is pointed out to overcome this severe weakness.