Abstract: Yang and Tan proposed a certificateless key agreement protocol without pairing, and claimed their scheme satisfies forward secrecy, which means no adversary could derive an established session key unless the full user secret information(including a private key and an ephemeral secret key) of both communication parties are compromised.However, we pointed out their protocol is actually not secure as claimed by presenting an attack launched by an adversary who has learned the private key of one party and the ephemeral secret key of the other, but not the full user secret keys of both parties. Furthermore, to make up this flaw, we also provided an revised protocol in which the private key and the ephemeral secret key arc closely intertwined with each other for generating the session key, thus above attack can be efficiently resisted.

Key words: Certificateless public key cryptosystem, Forward secrecy, Session key