Two new authenticated key agreement protocols in the certificateless setting are presented in this paper. Both are proved secure in the extended Canetti-Krawczyk model, under the BDH assumption. The first one is more efficient than the Lippold et al.'s (LBG) protocol, and is proved secure in the same security model. The second protocol is proved secure under the Swanson et al.'s security model, a weaker model. As far as we know, our second proposed protocol is the first one proved secure in the Swanson et al.'s security model. If no pre-computations are done, the first protocol is about 26% faster than LBG, and the second protocol is about 49% faster than LBG, and about 31% faster than the first one. If pre-computations of some operations are done, our two protocols remain faster.

The purpose of this paper is to study sender authenticated key agreements by a third party, which uses the received parameters to verify the fact that a sender of a message knows his long-term private key. In particular, we propose a standard model for the protocol among three entities for the first time. The security of this protocol depends on the difficulty of solving two new problems related to one-way isomorphisms and the decision co-bilinear Diffie-Hellman problem on multiplicative cyclic groups. It is the first time that the security of a key agreement has been formally proven by using negligible probability. We believe that our contribution gives many applications in the cryptographic community.

We present IND-ID-CPA secure identity-based encryption (IBE) schemes with tight reductions to the bilinear Diffie-Hellman (BDH) problem. Since the methods for obtaining IND-ID-CCA secure schemes from IND-ID-CPA secure schemes with tight reductions are already known, we can consequently obtain IND-ID-CCA secure schemes with tight reductions to the BDH problem. Our constructions are based on IBE schemes with tight reductions to the list bilinear Diffie-Hellman (LBDH) problem, and the schemes are converted to those with tight reductions to the BDH problem. Interestingly, it can be shown that there exists a black box construction, in which the former IBE schemes are given as black boxes. Our constructions are very simple and reasonably efficient.