On the separation between the FHMQV and HMQV protocols
The HMQV protocol is under consideration for IEEE P1363 standardisation. We provide a complementary analysis of the HMQV(-C) protocol. Namely, we point out a key compromise impersonation and a man-in-the-middle attack in the case of a static private key leakage, showing that the HMQV(-C) protocols cannot achieve their security goals. Next, we revisit the FHMQV building blocks, design and security arguments. We clarify the security and efficiency separation between HMQV and FHMQV, showing the advantages of FHMQV over HMQV.