Considering a protocol of Tseng, we show that a group key agreement protocol that resists attacks by malicious insiders in the authenticated broadcast model loses this security when it is transferred into an unauthenticated point-to-point network with the protocol compiler introduced by Katz and Yung. We develop a protocol framework that transforms passively secure protocols into protocols that provide security against malicious insiders and active adversaries in an unauthenticated point-to-point network and, in contrast to existing protocol compilers, does not increase the number of rounds. In particular, our protocol uses the session identifier to achieve this security. By applying the framework to the Burmester-Desmedt protocol, we obtain a new 2-round protocol that is provably secure against active adversaries and malicious participants.


Keywords: Active Adversary, Entity Authentication, Overwhelming Probability, Passive Adversary, Malicious Insider

These keywords were added by machine and not by the authors.




References

  1. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  2. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
  3. Bohli, J.-M., González Vasco, M.I., Steinwandt, R.: Secure group key establishment revisited. Cryptology ePrint Archive, Report 2005/395 (2005),
  4. Bresson, E., Chevassut, O., Pointcheval, D.: Provably authenticated group Diffie-Hellman key exchange - the dynamic case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001)
  5. Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: ACM CCS, pp. 255–264. ACM Press, New York (2001)
  6. Burmester, M., Desmedt, Y.: A secure and efficient conference key distribution system. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)
  7. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
  8. Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining indistinguishability-based proof models for key establishment protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)
  9. Choo, K.-K.R., Boyd, C., Hitchcock, Y., Maitland, G.: On session identifiers in provably secure protocols. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 351–366. Springer, Heidelberg (2005)
  10. Choo, K.-K.R., Hitchcock, Y.: Security Requirements for Key Establishment Proof Models. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 429–442. Springer, Heidelberg (2005)
  11. Gollmann, D.: Insider Fraud (Position Paper). In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 213–219. Springer, Heidelberg (1999)
  12. Ingemarsson, I., Tang, D.T., Wong, C.K.: A Conference Key Distribution System. IEEE Transactions on Information Theory 28(5), 714–720 (1982)
  13. Katz, J., Shin, J.S.: Modeling Insider Attacks on Group Key-Exchange Protocols. In: ACM CCS (2005)
  14. Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)
  15. Klein, B., Otten, M., Beth, T.: Conference Key Distribution Protocols in Distributed Systems. In: Cryptography and Coding IV, pp. 225–241. IMA (1993)
  16. Li, C.-H., Pieprzyk, J.: Conference key agreement from secret sharing. In: Pieprzyk, J.P., Safavi-Naini, R., Seberry, J. (eds.) ACISP 1999. LNCS, vol. 1587, pp. 64–76. Springer, Heidelberg (1999)
  17. Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive (1999),
  18. Steiner, M.: Secure Group Key Agreement. PhD thesis, Universität des Saarlandes (2002),
  19. Tseng, Y.-M.: A Robust Multi-Party Key Agreement Protocol Resistant to Malicious Participants. The Computer Journal 48(4), 480–487 (2005)
  20. Tzeng, W.-G.: A practical and secure fault-tolerant conference-key agreement protocol. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 1–13. Springer, Heidelberg (2000)
  21. Tzeng, W.-G., Tzeng, Z.-J.: Round-Efficient Conference Key Agreement Protocols with Provable Security. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 614–627. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jens-Matthias Bohli, Institut für Algorithmen und Kognitive Systeme, Universität Karlsruhe, Germany
