Vulnerability of two multiple-key agreement protocols

In 2008, Lee et al. proposed two multiple-key agreement protocols, first one based on elliptic curve cryptography (ECC) and the other one, based on bilinear pairings. Shortly after publication, Vo et al. showed that the Lee–Wu–Wang’s pairing-based protocol is vulnerable to impersonation attack then for removing the problem, they proposed an improved protocol. In this paper, first We show that the Lee–Wu–Wang’s ECC-based protocol is insecure against forgery attack and also, if long-term private keys of two entities and one key of the session keys are revealed, the other session keys are exposed too. Then, we demonstrate that the Vo–Lee–Yeun–Kim’s protocol is vulnerable to another kind of forgery attacks and a reflection attack.