Comparison with Existing Protocols Sample Clauses

Comparison with Existing Protocols. Table 1 describes the summary of comparison between several two-party ID-based protocols with two message flows. M denotes scalar-point multiplication, H denotes MapToPoint function [5] hashing identity to a point on an elliptic curve, and P denotes pairing. Off-line computation can be pre-computed before the execution of the protocol, which includes public key derivation. Note that pairings are expensive and should be avoided whenever possible. MapToPoint is slightly more expensive but its cost is still comparable with that of scalar- point multiplication. The notation wBR denotes a restricted variant of the BR model whereby Session-Key Reveal query is not supported, FS denotes user forward secrecy while wKGC denotes weak KGC forward secrecy, and KCIR denotes key compromise impersonation resistance. As shown in Table 1, among the “unbroken” ID-based protocols that provide: KCIR and FS (not KGC-FS). Our protocol described in Figure 2 and ▇▇▇▇’▇ protocol [35] are the most efficient. However, our protocol is based on a milder assumption and yet proven secure in a stronger model, which makes it more attractive than that of ▇▇▇▇’▇. KCIR and KGC-FS. Although our protocol described in Figure 3 is a bit less efficient as that of ▇▇▇▇ and ▇▇▇▇▇ [10] protocol #2’, our protocol is proven secure in a stronger model (allowing the adversary to ask the Session-State Reveal query).