Abstract
Recently, Cao et al. [Mod. Phys. Lett. A 34, 1950332 (2019)] presented a two-party quantum key agreement scheme using the five-qubit Brown states and the decoy protocol. They also extended their scheme to the multiparty case, and it was compared with existing works. The authors also introduced the security analysis that proves the security of their protocol against outsider and insider attacks. However, this work shows that the quantum Cao et al. [Mod. Phys. Lett. A 34, 1950332 (2019)] protocol fails to fulfill one of the most significant conditions of the quantum key agreement, which is fairness. The computed final key by the users does not have the same level of security, and the protection of users' private data is not maintained equally. Finally, an improved version of Cao et al.'s protocol has been suggested.