Computationally sound symbolic security reduction analysis of the group key exchange protocols using bilinear pairings

The security of group key exchange protocols has been widely studied in the cryptographic community in recent years. Current work usually applies either the computational approach or the symbolic approach for security analysis. The symbolic approach is more efficient than the computational approach because it can be easily automated. However, compared with the computational approach, it has to overcome three challenges: (1) its computational soundness is unclear; (2) the number of participants must be fixed; and (3) its efficiency advantage disappears if the number of participants is large. This paper proposes a computationally sound symbolic security reduction approach to resolve these three issues. On one hand, using the properties of bilinear pairings, the universally composable symbolic analysis (UCSA) approach is extended from two-party protocols to group key exchange protocols, and the computational soundness of the symbolic approach is guaranteed at the same time. On the other hand, for group key exchange protocols that satisfy the syntax of the simple protocols proposed in this paper, security is proved to be independent of the number of participants. As a result, the symbolic approach only needs to deal with protocols among three participants, which gives it the ability to handle an arbitrary number of participants, so the efficiency advantage is preserved. The proposed approach can also be applied to other types of cryptographic primitives besides bilinear pairings for computationally sound and efficient symbolic analysis of group key exchange protocols.
