Abstract
Protocols for group key exchange (GKE) are cryptographic algorithms that describe how a group of parties communicating over a public network can agree on a common secret key. Because of their critical role in building secure multicast channels, a number of GKE protocols have been proposed over the years in a variety of settings. However, despite many impressive achievements, designing a secure GKE protocol that scales well to large groups remains a challenging problem. Our observation is that all constant-round authenticated GKE protocols providing forward secrecy proposed so far are not fully scalable: their computation complexity grows linearly in the group size. Motivated by this observation, we propose the first forward-secure authenticated GKE protocol that achieves both constant round complexity and logarithmic computation complexity. In particular, our GKE protocol is fully scalable in all key metrics when considered in the context of a broadcast network. The scalability of the protocol is achieved by using a complete binary tree structure combined with a so-called “nonce-chained authentication technique”. Besides its scalability, our protocol features provable security against active adversaries under the decisional Diffie-Hellman assumption. We provide a rigorous proof of security for the protocol in a well-defined formal model of communication and adversary capabilities. The result of the current work is that forward-secure generation of session keys, even for very large groups, can now be done both securely and efficiently.
This work was supported by the Korean Ministry of Information and Communication under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Nam, J., Paik, J., Kim, U.M., Won, D. (2007). Constant-Round Authenticated Group Key Exchange with Logarithmic Computation Complexity. In: Katz, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2007. Lecture Notes in Computer Science, vol 4521. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72738-5_11
DOI: https://doi.org/10.1007/978-3-540-72738-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72737-8
Online ISBN: 978-3-540-72738-5