An efficient eCK secure identity based Two Party Authenticated Key Agreement scheme with security against active adversaries
Information and Computation (IF 0.8), Pub Date: 2020-09-22, DOI: 10.1016/j.ic.2020.104630
Renu Mary Daniel , Elijah Blessing Rajsingh , Salaja Silas

A Two-Party Authenticated Key Agreement (2-PAKA) protocol enables two communicating entities to contribute equally to the establishment of a shared session key. IDentity-based 2-PAKA (ID-2-PAKA) protocols are widely researched, since they eliminate the need for explicit public-key verification using digital certificates. Over the years, ID-2-PAKA protocols with perfect forward secrecy and Key Generation Center forward secrecy were devised to circumvent the inherent key escrow in identity-based cryptosystems. Nevertheless, cryptanalysis of recent ID-2-PAKA schemes reveals that many of the protocols are insecure. We reconstruct the possible attacks against the schemes and propose a secure escrowless pairing-free ID-2-PAKA protocol. The proposed scheme is proven secure in the modified extended Canetti-Krawczyk model, which captures all the desirable security attributes of ID-2-PAKA protocols, including public key replacement attack resilience. Comparative analysis of the protocol with other pairing-free ID-2-PAKA schemes suggests that the proposed scheme offers a fine trade-off between efficiency and security.




Updated: 2020-11-26