Recently, Yen and Joye showed that Harn and Lin's authenticated multiple-key agreement protocol is insecure against forgery and consequently proposed a revised protocol to repair it. Later, Wu et al. showed that Yen and Joye's revision is also insecure and therefore an improved protocol was proposed. However, Wu et al.'s protocol violates the original requirement in which no one-way hash function is needed. On the other hand, in order to overcome Yen and Joye's and Wu et al.'s attacks, Harn and Lin proposed a modified version by modifying the signature signing equation. But the modified version increases one exponentiation in the verification equation. In this paper, we first show that Wu et al.'s protocol still suffers the forgery problem, and then we propose an improved scheme that is secure against forgery and does not involve any one-way hash function. Compared with Harn and Lin's modified version, our scheme is efficient in the verification equation.
