Abstract
We consider the fundamental problem of authenticated group key exchange among n parties within a larger and insecure public network. A number of solutions to this problem have been proposed; however, all provably-secure solutions thus far are not scalable and, in particular, require n rounds. Our main contribution is the first scalable protocol for this problem along with a rigorous proof of security in the standard model under the DDH assumption; our protocol uses a constant number of rounds and requires only O(1) modular exponentiations per user (for key derivation). Toward this goal and of independent interest, we first present a scalable compiler that transforms any group key-exchange protocol secure against a passive eavesdropper to an authenticated protocol which is secure against an active adversary who controls all communication in the network. This compiler adds only one round and O(1) communication (per user) to the original scheme. We then prove secure — against a passive adversary — a variant of the two-round group key-exchange protocol of Burmester and Desmedt. Applying our compiler to this protocol results in a provably-secure three-round protocol for authenticated group key exchange which also achieves forward secrecy.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full chapter text
Chapter PDF
References
Al-Riyami, S.S., Paterson, K.G.: Tripartite Authenticated Key Agreement Protocols from Pairings, Available at http://eprint.iacr.org/2002/035/
Ateniese, G., Steiner, M., Tsudik, G.: Authenticated Group Key Agreement and Friends. In: ACM CCCS 1998 (1998)
Ateniese, G., Steiner, M., Tsudik, G.: New Multi-Party Authentication Services and Key Agreement Protocols. IEEE Journal on Selected Areas in Communications 18(4), 628–639 (2000)
Bellare, M., Canetti, R., Krawczyk, H.: A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In: STOC 1998 (1998)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 139. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellare, M., Rogaway, P.: Provably-Secure Session Key Distribution: the Three Party Case. In: STOC 1995 (1995)
Bird, R., Gopal, I., Herzberg, A., Janson, P., Kutten, S., Molva, R., Yung, M.: Systematic Design of Two-Party Authentication Protocols. IEEE J. on Selected Areas in Communications 11(5), 679–693 (1993); A preliminary version appeared in Crypto 1991
Boyd, C.: On Key Agreement and Conference Key Agreement. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, Springer, Heidelberg (1997)
Boyd, C., Nieto, J.M.G.: Round-Optimal Contributory Conference Key Agreement. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 161–174. Springer, Heidelberg (2002)
Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie-Hellman Key Exchange — The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 290. Springer, Heidelberg (2001)
Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 321. Springer, Heidelberg (2002)
Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: ACM CCCS 2001 (2001)
Burmester, M., Desmedt, Y.: A Secure and Efficient Conference Key Distribution System. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)
Canetti, R., Krawczyk, H.: Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 453. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 337. Springer, Heidelberg (2002)
Canetti, R., Krawczyk, H.: Security Analysis of IKE’s Signature-Based Key- Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 143. Springer, Heidelberg (2002)
Desmedt, Y.: Personal communication (including a copy of the pre-proceedings version of [14]) (March 2003)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
Diffie, W., van Oorschot, P., Wiener, M.: Authentication and Authenticated Key Exchanges. Designs, Codes, and Cryptography 2(2), 107–125 (1992)
Fischer, M., Lynch, N., Patterson, M.: Impossibility of Distributed Consensus with One Faulty Process. J. ACM 32(2), 374–382 (1985)
Ingemarsson, I., Tang, D.T., Wong, C.K.: A Conference Key Distribution System. IEEE Transactions on Information Theory 28(5), 714–720 (1982)
Joux, A.: A One Round Protocol for Tripartite Diffie Hellman. In: ANTS 2000(2000)
Just, M., Vaudenay, S.: Authenticated Multi-Party Key Agreement. In: ASIACRYPT 1996. LNCS, vol. 1163. Springer, Heidelberg (1996)
Krawczyk, H.: SKEME: A Versatile Secure Key-Exchange Mechanism for the Internet. In: Proceedings of the Internet Society Symposium on Network and Distributed System Security, Febrauary 1996, pp. 114–127 (1996)
Lee, H.-K., Lee, H.-S., Lee, Y.-R.: Multi-Party Authenticated Key Agreement Protocols from Multilinear Forms, Available at http://eprint.iacr.org/2002/166/
Lee, H.-K., Lee, H.-S., Lee, Y.-R.: An Authenticated Group Key Agreement Protocol on Braid groups, Available at http://eprint.iacr.org/2003/018/
Mayer, A., Yung, M.: Secure Protocol Transformation via “Expansion”: From Two-Party to Groups. In: ACM CCCS 1999 (1999)
Pereira, O., Quisquater, J.-J.: A Security Analysis of the Cliques Protocol Suites. In: IEEE Computer Security Foundations Workshop (June 2001)
Shoup, V.: On Formal Models for Secure Key Exchange. Draft (1999), Available at http://eprint.iacr.org/1999/012
Tzeng, W.-G.: A Practical and Secure Fault-Tolerant Conference Key Agreement Protocol. In: PKC 2000 (2000)
Steiner, M., Tsudik, G., Waidner, M.: Key Agreement in Dynamic Peer Groups. IEEE Trans. on Parallel and Distributed Systems 11(8), 769–780 (2000); A preliminary version appeared in ACM CCCS 1996
Tzeng, W.-G., Tzeng, Z.-J.: Round Efficient Conference Key Agreement Protocols with Provable Security. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 614. Springer, Heidelberg (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Katz, J., Yung, M. (2003). Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-45146-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4
eBook Packages: Springer Book Archive