Key Agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated Key Agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a Public Key Infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations.