Malicious Participants in Group Key Exchange: Key Control and Contributiveness in the Shadow of Trust

(Extended Abstract)
  • Emmanuel Bresson
  • Mark Manulis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


Group key exchange protocols allow their participants to compute a secret key which can be used to ensure security and privacy for various multi-party applications. The resulting group key should be computed through cooperation of all protocol participants such that none of them is trusted to have any advantage concerning the protocol’s output. This trust relationship states the main difference between group key exchange and group key transport protocols. Obviously, misbehaving participants in group key exchange protocols may try to influence the resulting group key, thereby disrupting this trust relationship, and also causing further security threats. This paper analyzes the currently known security models for group key exchange protocols with respect to this kind of attacks by malicious participants and proposes an extended model to remove the identified limitations. Additionally, it proposes an efficient and provably secure generic solution, a compiler, to guarantee these additional security goals for group keys exchanged in the presence of malicious participants.


Protocol Execution Honest User Protocol Participant Strong Corruption Honest Participant 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ateniese, G., Steiner, M., Tsudik, G.: Authenticated Group Key Agreement and Friends. ACM CCS, 17–26 (1998)Google Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: CRYPTO, pp. 232–249 (1993)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. STOC, 57–66 (1995)Google Scholar
  4. 4.
    Bohli, J.-M., Vasco, M.I.G., Steinwandt, R.: Secure Group Key Establishment Revisited. International Journal of Information Security (to appear).
  5. 5.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  6. 6.
    Bresson, E., Catalano, D.: Constant Round Authenticated Group Key Agreement via Distributed Computation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 115–129. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably Authenticated Group Diffie-Hellman Key Exchange. ACM CCS, 255–264 (2001)Google Scholar
  9. 9.
    Bresson, E., Manulis, M.: Full version of this paper. Available from the authors’ homepagesGoogle Scholar
  10. 10.
    Burmester, M.: On the Risk of Opening Distributed Keys. In: CRYPTO, pp. 308–317 (1994)Google Scholar
  11. 11.
    Burmester, M., Desmedt, Y.: A Secure and Efficient Conference Key Distribution System. In: EUROCRYPT, pp. 275–286 (1994)Google Scholar
  12. 12.
    Choo, K.K.R., Boyd, C., Hitchcock, Y.: Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE IT 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and Authenticated Key Exchanges. DCC 2(2), 107–125 (1992)Google Scholar
  15. 15.
    Goldreich, O.: Foundations of Cryptography - Basic Tools, vol. 1. Cambridge University Press, Cambridge (2001)zbMATHGoogle Scholar
  16. 16.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM Journal of Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Günther, C.G.: An Identity-Based Key-Exchange Protocol. In: EUROCRYPT, pp. 29–37 (1989)Google Scholar
  18. 18.
    Katz, J., Shin, J.S.: Modeling Insider Attacks on Group Key-Exchange Protocols. ACM CCS, 180–189 (2005)Google Scholar
  19. 19.
    Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: CRYPTO, pp. 110–125 (2003)Google Scholar
  20. 20.
    Kim, Y., Perrig, A., Tsudik, G.: Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups. ACM CCS, 235–244 (2000)Google Scholar
  21. 21.
    Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
  22. 22.
    Manulis, M.: Survey on Security Requirements and Models for Group Key Exchange. Technical Report.
  23. 23.
    Manulis, M.: Security-Focused Survey on Group Key Exchange Protocols. Technical Report.
  24. 24.
    Menezes, A., van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)Google Scholar
  25. 25.
    Mitchell, C.J., Ward, M., Wilson, P.: Key Control in Key Agreement Protocols. El. Letters 34(10), 980–981 (1998)CrossRefGoogle Scholar
  26. 26.
    Shoup, V.: On Formal Models for Secure Key Exchange (Version 4). Technical Report.
  27. 27.
    Steiner, M.: Secure Group Key Agreement. PhD thesis (2002)Google Scholar
  28. 28.
    Yacobi, Y., Shmuely, Z.: On Key Distribution Systems. In: CRYPTO, pp. 344–355 (1989)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Emmanuel Bresson
    • 1
  • Mark Manulis
    • 2
  1. 1.DCSSI Crypto Lab Paris 
  2. 2.Horst Görtz Institute, Ruhr-University of BochumGermany

Personalised recommendations