Revisiting Pairing Based Group Key Exchange

Secure communication within a large group of users, such as the participants in a phone or video conference, relies on the availability of secure and efficient data transmission. Group key exchange protocols allow a (large) group of n users to establish a joint secret key, which can then be used in symmetric systems to efficiently encrypt and decrypt messages to and from the group. To cope with changing group membership and to ensure key freshness, it is essential that the group key exchange protocol is efficient. Most protocols are generalizations of two-party protocols such as Diffie-Hellman key exchange. The Burmester-Desmedt I protocol establishes a key in a constant number of rounds, independent of the size of the group, with O(n) computation per user. After Joux's proposal to use pairings for a one-round tripartite key exchange (KE), several extensions of existing group KE and authenticated key exchange (AKE) protocols were published. However, quite a few turned out to be flawed, and their complexity is often worse than that of the original scheme. In this paper we propose a new constant-round pairing-based group AKE protocol that requires lower computational complexity per user than previous proposals. Furthermore, the scheme is particularly interesting for groups in which some members have more computational power than others; the protocol is most efficient when these members make up roughly half of the group. We also provide a pairing-based version of the Burmester-Desmedt II group key exchange, which runs in 3 rounds and requires only O(log n) computation and communication. Both protocols are faster than any published pairing-based key exchange protocol. If the parameters are chosen so that the pairing computations are fast, the protocols can outperform the respective DL-based Burmester-Desmedt key exchange protocols.
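To make the baseline concrete, the following is an added example (not code from the paper) simulating the classical DL-based Burmester-Desmedt I protocol that the abstract compares against: two broadcast rounds and an O(n) key derivation per user, after which all n users hold the same key. The group parameters P, Q and G are a constructed toy instance, not secure sizes.

```python
# Added example (not the paper's pairing-based scheme): the DL-based
# Burmester-Desmedt I group key exchange, simulated for n users in one
# process so both broadcast rounds and the per-user derivation are visible.
# The group (P, Q, G) is a constructed toy instance, far too small for real use.
import secrets

P = 1019          # toy safe prime, P = 2*Q + 1
Q = 509           # prime order of the subgroup generated by G
G = 4             # 4 = 2^2 generates the order-Q subgroup of Z_P^*
assert G != 1 and pow(G, Q, P) == 1

def bd1_keys(x):
    """Run BD I for the secrets x[0..n-1]; return the key each user derives."""
    n = len(x)
    # Round 1 (broadcast): z_i = g^{x_i}
    z = [pow(G, xi, P) for xi in x]
    # Round 2 (broadcast): X_i = (z_{i+1} / z_{i-1})^{x_i}, indices taken mod n
    X = []
    for i in range(n):
        ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
        X.append(pow(ratio, x[i], P))
    # Key derivation (local; n + 1 exponentiations per user, hence O(n)):
    #   K_i = z_{i-1}^{n x_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^{1}
    keys = []
    for i in range(n):
        k = pow(z[(i - 1) % n], n * x[i], P)
        for j in range(1, n):
            k = k * pow(X[(i + j - 1) % n], n - j, P) % P
        keys.append(k)
    return keys

def expected_key(x):
    """Value every honest user should end with: g^{sum_i x_i * x_{i+1}}."""
    n = len(x)
    return pow(G, sum(x[i] * x[(i + 1) % n] for i in range(n)) % Q, P)

def random_secrets(n):
    """Fresh per-session secrets in [1, Q-1] for n users."""
    return [secrets.randbelow(Q - 1) + 1 for _ in range(n)]

if __name__ == "__main__":
    x = random_secrets(6)
    keys = bd1_keys(x)
    print("all users agree:", len(set(keys)) == 1,
          "| equals g^sum:", keys[0] == expected_key(x))
```

The product in the derivation telescopes, so every user ends with g^(x_1x_2 + x_2x_3 + ... + x_nx_1); the same structure is what the pairing-based variants in the paper replace with bilinear-map computations.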
