Skip to Main Content
Recently, Han-Chang showed that Xiao-Liao-Deng's key agreement protocol based on chaotic maps is vulnerable to man-in-the-middle attack and proposed two improved schemes. One works in clock synchronization, and the other can work without synchronization. They claimed that their schemes are secure against replaying attacks and can establish a shared session key. However, we point out that all the aforementioned schemes are Non-contributory, i.e. the malicious party can predetermine the shared session key by the vice of several Chebyshev polynomials passing through the same point. In particular, we demonstrate that the asynchronous key agreement protocol can't resist replaying attack. Therefore, the use of these schemes for secure applications may be discouraged.