Contributory group key exchange in the presence of malicious participants

In a group key exchange (GKE) protocol, the resulting group key should be computed by all participants such that none of them can gain any advantage concerning the protocol's output: misbehaving participants might have personal advantage in influencing the value of the group key. In fact, the absence of trust relationship is the main feature of GKE (when compared with group key transport) protocols. The existing notions of security are enlarged by identifying limitations in some previously proposed security models while taking into account different types of corruptions (weak and strong). To illustrate these notions, two efficient and provably secure generic solutions, compilers, are presented.

[1]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[2]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[3]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[4]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[5]  Yacov Yacobi,et al.  On Key Distribution Systems , 1989, CRYPTO.

[6]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[7]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[8]  Mike Burmester,et al.  On the Risk of Opening Distributed Keys , 1994, CRYPTO.

[9]  Yvo Desmedt,et al.  A Secure and Efficient Conference Key Distribution System (Extended Abstract) , 1994, EUROCRYPT.

[10]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Gene Tsudik,et al.  Authenticated group key agreement and friends , 1998, CCS '98.

[13]  Chris J. Mitchell,et al.  Key control in key agreement protocols , 1998 .

[14]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[15]  Gene Tsudik,et al.  Simple and fault-tolerant key agreement for dynamic collaborative groups , 2000, CCS.

[16]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[17]  Emmanuel Bresson,et al.  Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions , 2002, EUROCRYPT.

[18]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[19]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, CRYPTO.

[20]  Dong Hoon Lee,et al.  Constant-Round Authenticated Group Key Exchange for Dynamic Groups , 2004, ASIACRYPT.

[21]  Emmanuel Bresson,et al.  Constant Round Authenticated Group Key Agreement via Distributed Computation , 2004, Public Key Cryptography.

[22]  Colin Boyd,et al.  Examining Indistinguishability-Based Proof Models for Key Establishment Protocols , 2005, ASIACRYPT.

[23]  Jonathan Katz,et al.  Modeling insider attacks on group key-exchange protocols , 2005, CCS '05.

[24]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[25]  Ron Steinfeld,et al.  A Non-malleable Group Key Exchange Protocol Robust Against Active Insiders , 2006, ISC.

[26]  Mark Manulis,et al.  Survey on Security Requirements and Models for Group Key Exchange , 2006, IACR Cryptol. ePrint Arch..

[27]  Rainer Steinwandt,et al.  Secure group key establishment revisited , 2007, International Journal of Information Security.