# A new strong security model for stateful authenticated group key exchange

## Abstract

Stateful authenticated group key exchange (stAGKE) is an important class of authenticated group key exchange (AGKE) that includes tree-based AGKE. In a new stAGKE session, the computation of either the ephemeral public key or the session key may depend on ephemeral secret state carried over from a previously established session. We observe that earlier AGKE models may be unable to provide appropriate security arguments for stAGKE. In this work, we propose a new model for stAGKE that formulates its security properties, in particular resistance to leakage attacks on ephemeral keys. Of independent interest, the new model is flexible enough to be used for analyzing both stateless and stateful AGKE protocols. We demonstrate the validity of our model by introducing a new tree-based protocol construction for stAGKE. The proposed scheme is proven secure in the new model without random oracles.
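As an added illustration, not the paper's own construction (whose details are not on this page), the following Python sketch builds a TGDH-style binary key tree over a toy Diffie-Hellman group and shows the stateful behaviour the abstract describes: when a member joins, the existing members keep the node secrets computed in the previous session and compute only the new root. The same sketch shows why a model for stAGKE has to account for this: the previous session's root secret together with the newcomer's public blinded key is enough to derive the new session key, so leakage of ephemeral state in one session reaches into the next. The group parameters, member secrets and key-derivation label are constructed for the example and are far too small for real use.

```python
"""Toy TGDH-style tree key agreement (constructed example, not the paper's scheme).

Each tree node holds a secret exponent K; its blinded key BK = g^K mod p is public.
A parent's secret is g^(K_left * K_right) mod p, computed by either child from its
own secret and the sibling's blinded key, exactly as in tree Diffie-Hellman.
"""
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional

# Toy DH group (constructed): p = 2^61 - 1 is a Mersenne prime, g = 3 an arbitrary base.
P = (1 << 61) - 1
G = 3
KDF_LABEL = b"stAGKE-toy|"   # constructed domain-separation label for the session key


def blind(secret: int) -> int:
    """Blinded key BK = g^K mod p; this value is sent in the clear."""
    return pow(G, secret, P)


def combine(own_secret: int, sibling_blinded: int) -> int:
    """Parent node secret K_parent = BK_sibling^K_own = g^(K_own * K_sibling) mod p."""
    return pow(sibling_blinded, own_secret, P)


@dataclass
class Node:
    secret: int                      # node secret (exponent); at a leaf, the member's key
    left: Optional["Node"] = None
    right: Optional["Node"] = None


def join(tree: Node, leaf_secret: int) -> Node:
    """Add a member as the right sibling of the current root.

    Every existing node secret is kept unchanged (this is the reused ephemeral
    state); only the new root is computed. A sponsor that refreshed its own leaf
    secret would instead recompute the whole path from that leaf to the root.
    """
    new_leaf = Node(leaf_secret)
    new_root_secret = combine(tree.secret, blind(leaf_secret))
    return Node(new_root_secret, left=tree, right=new_leaf)


def build_tree(leaf_secrets: Iterable[int]) -> Node:
    """Left-deep tree ((k1,k2),k3),... built by successive joins."""
    it = iter(leaf_secrets)
    tree = Node(next(it))
    for s in it:
        tree = join(tree, s)
    return tree


def session_key_from_root(root_secret: int) -> bytes:
    """Session key = H(label || root secret); root secrets are < 2^61 so fit in 8 bytes."""
    return hashlib.sha256(KDF_LABEL + root_secret.to_bytes(8, "big")).digest()


def session_key(tree: Node) -> bytes:
    return session_key_from_root(tree.secret)


def key_from_leaked_state(old_root_secret: int, newcomer_blinded: int) -> bytes:
    """What can be computed from session 1's leaked root secret plus session 2's
    public transcript (the newcomer's blinded key) alone."""
    return session_key_from_root(combine(old_root_secret, newcomer_blinded))


def demo():
    # Constructed member secrets: A, B, C form session 1; D joins to form session 2.
    k_a, k_b, k_c, k_d = 123456789, 987654321, 555555555, 424242424
    t1 = build_tree([k_a, k_b, k_c])
    sk1 = session_key(t1)

    t2 = join(t1, k_d)                       # existing members reuse session-1 state
    sk2 = session_key(t2)
    # The newcomer reaches the same key from its own secret and the old root's blinded key.
    sk2_newcomer = session_key_from_root(combine(k_d, blind(t1.secret)))
    # Leakage of session 1's root secret (ephemeral state) yields session 2's key.
    leaked = key_from_leaked_state(t1.secret, blind(k_d))
    return sk1, sk2, sk2_newcomer, leaked


if __name__ == "__main__":
    sk1, sk2, sk2_newcomer, leaked = demo()
    print("session 1 key :", sk1.hex())
    print("session 2 key :", sk2.hex())
    print("newcomer agrees:", sk2 == sk2_newcomer)
    print("derivable from leaked session-1 state:", leaked == sk2)
```

The point the sketch makes is the one the abstract raises: a model that only lets the adversary reveal the ephemeral key of the session under test cannot express this attack, because the secret that was leaked belongs to an earlier session. Tree-based protocols such as TGDH have the sponsor refresh its leaf secret at every membership event to limit how far old state carries, and a stAGKE model needs to capture exactly which state is carried and which is refreshed.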

## Keywords

Stateful group key exchange; Dynamic group key exchange; Tree-based group key exchange; Security model; Ephemeral key leakage

## Mathematics Subject Classification

94A60

## Notes

### Acknowledgements

This study was supported by the National Natural Science Foundation of China (Grant Nos. 11647097, 11547148 and 61503052), the Research Project of Humanities and Social Sciences of the Ministry of Education of China (Grant Nos. 16YJC870018, 15YJC790061 and 16JDSZ2019) and the Scientific and Technological Research Program of Chongqing Municipal Education Commission (Grant Nos. KJ1500918, KJ1600928 and KJ1600932).
