The establishment of session keys for sending secret messages between an initiator and a responder is a well-studied field of research. Shoichi Hirose and Kanta Matsuura pointed out that techniques used for the authentication of these two parties might leave the responder vulnerable to a denial of service (DOS) attack by a malicious initiator. They proposed a solution that basically forces the initiator to do more computational work than the responder during the three-pass key-agreement (KA) protocol (for example, the falling together mechanism).

Hwang, Lo, and Liu propose enhancements to this KA protocol. They focus on “weak key validation,” a term not further defined in their study. They boldly claim that their enhancements avoid heavy computation, reduce bandwidth consumption, and make the protocol more efficient.

In fact, there are more data items contained in the three messages sent between parties in their proposed KAP-2 scheme than those in the Hirose-Matsuura protocol, indicating greater bandwidth consumption. It is also not clear that the responder has less computational work to do.

In order to make their work convincing, the authors need to explain these anomalies. Key terms must be defined, and stronger evidence than just sequence diagrams must be offered (namely, a simulation or formal proof). There are many instances of misspelled author names, typographical errors, improper use of words, and poor sentence structure that make this paper difficult to read.