A key agreement protocol between a pair of entities wherein the entities have a long term private key, a long term public key generated using said private key and a generator point, and an identity. The protocol comprises: generating a session private key and corresponding session public key for each entity; communicating to the other entity, each entity's session public key; obtaining the identifier of the both entities; generating a common value comprising the session public key of both entities and the identities of each entity. The protocol further comprises generating for each entity: a respective secret value comprising combining the common value with the entity's session private key and long term private key; an ephemeral value comprising combining the session public key of the other entity, the common value and the long term public key of the other entity; a shared secret from the entity's secret value and the ephemeral value.
