Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions

Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, each holding public/private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong-corruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group Diffie-Hellman and show that it is provably secure under the decisional Diffie-Hellman assumption. Our security result holds in the standard model and thus provides better security guarantees than previously published results in the random oracle model.
