Perfectly Secure Key Distribution for Dynamic Conferences

A key distribution scheme for dynamic conferences is a method by which initially an (off-line) trusted server distributes private individual pieces of information to a set of users. Later any group of users of a given size (a dynamic conference) is able to compute a common secure key. In this paper we study the theory and applications of such perfectly secure systems. In this setting, any group of t users can compute a common key, with each user using only his private piece of information and the identities of the other t - 1 group users. Keys are secure against coalitions of up to k users, that is, even if k users pool together their pieces they cannot compute anything about a key of any t-size conference comprised of other users. First we consider a non-interactive model where users compute the common key without any interaction. We prove a lower bound on the size of the user's piece of information of $\binom{k+t-1}{t-1}$ times the size of the common key. We then establish the optimality of this bound, by describing and analyzing a scheme which exactly meets this limitation (the construction extends the one in [2]). Then, we consider the model where interaction is allowed in the common key computation phase, and show a gap between the models by exhibiting an interactive scheme in which the user's information is only k + t - 1 times the size of the common key. We further show various applications and useful modifications of our basic scheme. Finally, we present its adaptation to network topologies with neighborhood constraints.
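As an added illustration (not code from the paper), the following sketch implements a symmetric-polynomial construction over a prime field, in the style of Blom's scheme [4] generalized to t variables, and checks that each user's piece has exactly the binomial number of field elements given in the abstract's non-interactive bound. The modulus `P`, the function names and the sample identities are assumptions of this sketch.

```python
import secrets
from itertools import combinations_with_replacement, product
from math import comb

P = 2**61 - 1  # prime field modulus (assumed parameter); a key is one element of GF(P)

def server_setup(k, t):
    """Random symmetric polynomial in t variables, degree <= k in each.
    One coefficient per sorted exponent tuple makes it symmetric by construction."""
    return {e: secrets.randbelow(P)
            for e in combinations_with_replacement(range(k + 1), t)}

def user_share(master, uid, k, t):
    """Fix the first variable to uid: a symmetric polynomial in t-1 variables."""
    share = {}
    for f in combinations_with_replacement(range(k + 1), t - 1):
        share[f] = sum(master[tuple(sorted(f + (e0,)))] * pow(uid, e0, P)
                       for e0 in range(k + 1)) % P
    return share

def conference_key(share, others, k):
    """Evaluate the share at the other t-1 identities; no interaction needed."""
    key = 0
    for exps in product(range(k + 1), repeat=len(others)):
        term = share[tuple(sorted(exps))]
        for uid, e in zip(others, exps):
            term = term * pow(uid, e, P) % P
        key = (key + term) % P
    return key

def demo(k=2, t=3, conference=(3, 7, 11)):
    """Constructed sample: identities 3, 7, 11 form one conference of size t."""
    master = server_setup(k, t)
    shares = {u: user_share(master, u, k, t) for u in conference}
    keys = [conference_key(shares[u], [v for v in conference if v != u], k)
            for u in conference]
    return keys, len(shares[conference[0]]), comb(k + t - 1, t - 1)

if __name__ == "__main__":
    keys, share_size, bound = demo()
    print("all members agree:", len(set(keys)) == 1)
    print("share size (field elements):", share_size, "bound:", bound)
```

Identities must be distinct nonzero field elements; the security threshold k is the per-variable degree of the master polynomial.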

[1] Hideki Imai, et al. On the Key Predistribution System: A Practical Solution to the Key Distribution Problem, 1987, CRYPTO.

[2] Silvio Micali, et al. Secret-Key Agreement without Public-Key Cryptography, 1993, CRYPTO.

[3] Moti Yung, et al. Systematic Design of Two-Party Authentication Protocols, 1991, CRYPTO.

[4] Rolf Blom, et al. An Optimal Class of Symmetric Key Generation Systems, 1985, EUROCRYPT.

[5] R. Gallager. Information Theory and Reliable Communication, 1968.

[6] Walter Fumy, et al. A Modular Approach to Key Distribution, 1990, CRYPTO.

[7] Yacov Yacobi, et al. On Key Distribution Systems, 1989, CRYPTO.

[8] Jinhui Chao, et al. A New ID-Based Key Sharing System, 1991, CRYPTO.

[9] Ralph C. Merkle, et al. Secure communications over insecure channels, 1978, CACM.

[10] Michael J. Fischer, et al. Secret Bit Transmission Using a Random Deal of Cards, 1990, Distributed Computing And Cryptography.

[11] Yacov Yacobi. A Key Distribution "Paradox", 1990, CRYPTO.

[12] Roger M. Needham, et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[13] Ueli Maurer, et al. Non-interactive Public-Key Cryptography, 1991, EUROCRYPT.

[14] Chak-Kuen Wong, et al. A conference key distribution system, 1982, IEEE Trans. Inf. Theory.

[15] Ernest F. Brickell, et al. Secure Audio Teleconference, 1987, CRYPTO.

[16] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[17] Whitfield Diffie, et al. A Secure Audio Teleconference System, 1988, CRYPTO.

[18] Michael J. Fischer, et al. Multiparty Secret Key Exchange Using a Random Deal of Cards, 1991, CRYPTO.

[19] Eiji Okamoto, et al. Key distribution system based on identification information, 1989, IEEE J. Sel. Areas Commun.

[20] O. Antoine, et al. Theory of Error-correcting Codes, 2022.

[21] David Chaum, et al. Advances in Cryptology: Proceedings Of Crypto 83, 2012.

[22] Russell Impagliazzo, et al. Limits on the provable consequences of one-way permutations, 1988, STOC '89.

[23] Thomas M. Cover, et al. Elements of Information Theory, 2005.

[24] Amos Beimel, et al. Interaction in Key Distribution Schemes (Extended Abstract), 1993, CRYPTO.

[25] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.