The SM2 key exchange protocol, proposed by the Chinese State Cryptography Administration and adopted as a national standard, is extensively deployed in commercial applications across China. It has also been incorporated by global industrial organizations and integrated into numerous international products, such as the TPM. Today, any cryptographic protocol aspiring to become widely adopted and standardized requires a rigorous security proof within a modern security model. Although Yang et al. claimed to have established such a proof for the SM2 key exchange protocol in the Bellare–Rogaway (BR) model, we show that their proof is flawed. Moreover, we present a group representation attack against the SM2 key exchange protocol, illustrating that the protocol cannot be proven secure in any contemporary security model. Our findings thus delineate the security boundary of the SM2 key exchange protocol.
Zhang et al. studied this question.