One-Round Cross-Domain Group Key Exchange Protocol in the Standard Model

  • Xiao Lan
  • Jing Xu
  • Hui Guo
  • Zhenfeng Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10143)


Cross-domain group key exchange protocols enable participants from different domains, even with various cryptographic settings and system parameters, to establish a common secret session key. In prior cross-domain key exchange works, only the case of two communication parties is considered, and the two parties are required to adopt a common cryptographic setting (e.g., identity-based setting) or shared parameters (e.g., algebraic group), which is not suitable for group data sharing in many cross-domain interoperability scenarios. In this paper, we present the first one-round cross-domain group key exchange protocol, and by using indistinguishability obfuscation as the main tool, we prove our construction can achieve the desired security properties in the standard model. It is especially attractive for our protocol that existing PKIs can be used and all participants do not have to accommodate any other peers (even do not need to know other peers’ algebraic settings) to agree on the session key.


Group key exchange protocol Cross-domain Interoperability Indistinguishability obfuscation Standard model 



We want to thank the anonymous reviewers for their comments which helped to improve the paper. This work was supported by the National Grand Fundamental Research (973) Program of China under Grant 2013CB338003, and the National Natural Science Foundation of China (NSFC) under Grants U1536205 and 61572485.


  1. 1.
    Ingemarsson, I., Tang, D.T., Wong, C.K.: A conference key distribution system. IEEE Trans. Inf. Theory 28(5), 714–720 (1982)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Koyama, K., Ohta, K.: Identity-based conference key distribution systems. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 175–184. Springer, Heidelberg (1988). doi: 10.1007/3-540-48184-2_13 Google Scholar
  3. 3.
    Steer, D.G., Strawczynski, L., Diffie, W., Wiener, M.: A secure audio teleconference system. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 520–528. Springer, New York (1990). doi: 10.1007/0-387-34799-2_37 CrossRefGoogle Scholar
  4. 4.
    Burmester, M., Desmedt, Y.: A secure and efficient conference key distribution system. In: Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995). doi: 10.1007/BFb0053443 Google Scholar
  5. 5.
    Saeednia, S., Safavi-Naini, R.: Efficient identity-based conference key distribution protocols. In: Boyd, C., Dawson, E. (eds.) ACISP 1998. LNCS, vol. 1438, pp. 320–331. Springer, Heidelberg (1998). doi: 10.1007/BFb0053744 CrossRefGoogle Scholar
  6. 6.
    Tzeng, W.-G., Tzeng, Z.-J.: Round-efficient conference key agreement protocols with provable security. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 614–627. Springer, Heidelberg (2000). doi: 10.1007/3-540-44448-3_47 CrossRefGoogle Scholar
  7. 7.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group diffie-hellman key exchange. In: CCS 2001, pp. 255–264. ACM (2001)Google Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D.: Provably authenticated group diffie-hellman key exchange — the dynamic case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001). doi: 10.1007/3-540-45682-1_18 CrossRefGoogle Scholar
  9. 9.
    Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic group diffie-hellman key exchange under standard assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_21 CrossRefGoogle Scholar
  10. 10.
    Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_7 CrossRefGoogle Scholar
  11. 11.
    Burmester, M., Desmedt, Y.: A secure and scalable group key exchange system. Inf. Process Lett. (IPL) 94(3), 137–143 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Neupane, K., Steinwandt, R.: Communication-efficient 2-round group key establishment from pairings. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 65–76. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19074-2_5 CrossRefGoogle Scholar
  13. 13.
    Arifi, M., Gardeshi, M., Farash, M.S.: A new efficient authenticated id-based group key agreement protocol. Cryptology ePrint Archive: Report 2012/395 (2012)Google Scholar
  14. 14.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_21 Google Scholar
  15. 15.
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_27 CrossRefGoogle Scholar
  16. 16.
    Chen, L., Kudla, C.: Identity based authenticated key agreement protocols from pairings. In: CSFW 2003, pp. 219–233. IEEE Computer Society (2003)Google Scholar
  17. 17.
    McCullagh, N., Barreto, P.S.L.M.: A new two-party identity-based authenticated key agreement. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 262–274. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30574-3_18 CrossRefGoogle Scholar
  18. 18.
    Ustaoğlu, B.: Integrating identity-based and certificate-based authenticated key exchange protocols. Int. J. Inf. Secur. 10(4), 201–212 (2011)CrossRefGoogle Scholar
  19. 19.
    Guo, Y., Zhang, Z.: Authenticated key exchange with entities from different settings and varied groups. In: Takagi, T., Wang, G., Qin, Z., Jiang, S., Yu, Y. (eds.) ProvSec 2012. LNCS, vol. 7496, pp. 276–287. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33272-2_18 CrossRefGoogle Scholar
  20. 20.
    Chen, L., Lim, H.W., Yang, G.: Cross-domain password-based authenticated key exchange revisited. ACM Trans. Inf. Syst. Secur. (TISSEC) 15:16(4), 1–15:32 (2014)Google Scholar
  21. 21.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im) possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS 2013, pp. 40–49. IEEE (2013)Google Scholar
  23. 23.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_1 CrossRefGoogle Scholar
  24. 24.
    Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 537–565. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49890-3_21 CrossRefGoogle Scholar
  25. 25.
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 629–658. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53008-5_22 CrossRefGoogle Scholar
  26. 26.
    Garg, S., Mukherjee, P., Srinivasan, A.: Obfuscation without the vulnerabilities of multilinear maps. Cryptology ePrint Archive: Report 2016/390 (2016)Google Scholar
  27. 27.
    Lin, H., Vaikuntanathan, V.: Indistinguishability obfuscation from DDH-like assumptions on constant-degree graded encodings. In: FOCS 2016, pp. 11–20. IEEE (2016)Google Scholar
  28. 28.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM (JACM) 33(4), 792–807 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 280–300. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42045-0_15 CrossRefGoogle Scholar
  30. 30.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.Trusted Computing and Information Assurance Laboratory, Institute of SoftwareChinese Academy of SciencesBeijingChina
  3. 3.State Key Laboratory of CryptologyBeijingChina
  4. 4.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations