A way to prevent the attack is to add to the acknowledgement a unique identifier of the registration. The random number used in the GQ verification is the right candidate. This number is meant to be different at each registration. Its integration into the signature of the fourth message will allow the user to check its freshness. Here is the corrected version of our registration protocol:
Aldebaran states that all the properties, including P4, are fulfilled with this version. Hence, the mutual authentication and the transmission of the public key succeed despite the attempts of the intruder.