Computationally-Fair Group and Identity-Based Key-Exchange

In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedet group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damages: It can compute the session-key output with much lesser computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players. It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker. We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange, which yet bring some new perspectives to the literature of group and identity-based key-exchange. We then present some fixing approaches, and prove that the fixed protocols are computationally fair.

[1]  Jonathan Katz,et al.  Modeling insider attacks on group key-exchange protocols , 2005, CCS '05.

[2]  Yunlei Zhao,et al.  A New Family of Practical Non-Malleable Diffie-Hellman Protocols , 2011, ArXiv.

[3]  Yehuda Lindell,et al.  Secure Computation without Agreement , 2002, DISC.

[4]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[5]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[6]  Chris J. Mitchell,et al.  Key control in key agreement protocols , 1998 .

[7]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[8]  Yehuda Lindell,et al.  Secure Multi-Party Computation without Agreement , 2005, Journal of Cryptology.

[9]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[10]  Daniel M. Gordon,et al.  A Survey of Fast Exponentiation Methods , 1998, J. Algorithms.

[11]  Emmanuel Bresson,et al.  Password-Based Group Key Exchange in a Constant Number of Rounds , 2006, Public Key Cryptography.

[12]  Manoj Prabhakaran,et al.  Resource Fairness and Composability of Cryptographic Protocols , 2006, Journal of Cryptology.

[13]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  Yvo Desmedt,et al.  Efficient and Secure Conference-Key Distribution , 1996, Security Protocols Workshop.

[18]  Ashutosh Saxena,et al.  A Survey on ID-Based Cryptographic Primitives , 2005, IACR Cryptol. ePrint Arch..

[19]  Ron Steinfeld,et al.  A Non-malleable Group Key Exchange Protocol Robust Against Active Insiders , 2006, ISC.

[20]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, CRYPTO.

[21]  Emmanuel Bresson,et al.  Securing group key exchange against strong corruptions , 2008, ASIACCS '08.

[22]  Rainer Steinwandt,et al.  Secure group key establishment revisited , 2007, International Journal of Information Security.

[23]  Yvo Desmedt,et al.  A Secure and Efficient Conference Key Distribution System (Extended Abstract) , 1994, EUROCRYPT.