A security weakness in Abdalla et al.'s generic construction of a group key exchange protocol

In TCC '07, Abdalla et al. presented a protocol compiler that transforms any authenticated 2-party key exchange protocol into an authenticated group key exchange (GKE) protocol. Abdalla et al.'s compiler is certainly elegant in its genericness, symmetry, simplicity and efficiency. However, this compiler is not as secure as claimed. Under a reasonable assumption, the GKE protocol constructed by the compiler (from a 2-party protocol) fails to achieve implicit key authentication. We here reveal this security problem with the compiler and show how to address it.
