SAS-Based Group Authentication and Key Agreement Protocols

  • Sven Laur
  • Sylvain Pasini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4939)


New trends in consumer electronics have created a strong demand for fast, reliable and user-friendly key agreement protocols. However, many key agreement protocols are secure only against passive attacks. Therefore, message authentication is often unavoidable in order to achieve security against active adversaries. Pasini and Vaudenay were the first to propose a new compelling methodology for message authentication. Namely, their two-party protocol uses short authenticated strings (SAS) instead of pre-shared secrets or public-key infrastructure that are classical tools to achieve authenticity. In this article, we generalise this methodology for multi-party settings. We give a new group message authentication protocol that utilises only limited authenticated communication and show how to combine this protocol with classical key agreement procedures. More precisely, we describe how to transform any group key agreement protocol that is secure against passive attacks into a new protocol that is secure against active attacks.


Groups multi-party message authentication key agreement 


  1. 1.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
  2. 2.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: STOC 1995: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing, Las Vegas, Nevada, U.S.A, pp. 57–66. ACM press, New York (1995)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Sahai, A.: Non-malleable encryption: Equivalence between two notions, and an indistinguishability-based characterization. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 519–536. Springer, Heidelberg (1999)Google Scholar
  6. 6.
    Burmester, M., Desmedt, Y.: A secure and scalable Group Key Exchange system. Information Processiong Letter 94(3), 137–143 (2005)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Damgård, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: STOC 2003: Proceedings of the Thirty-Fifth Annual ACM Symposium on Theory of Computing, San Diego, California, U.S.A., pp. 426–437. ACM Press, New York (2003)CrossRefGoogle Scholar
  8. 8.
    Desmedt, Y., Burmester, M.: A secure and efficient conference key distribution system (extended abstract). In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)Google Scholar
  9. 9.
    Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: STOC 1998: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, Dallas, Texas, USA, pp. 141–150. ACM Press, New York (1998)CrossRefGoogle Scholar
  10. 10.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT–22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: STOC 1991: Proceedings of the Twenty Third Annual ACM Symposium on Theory of Computing, New Orleans, Louisiana, U.S.A., pp. 542–552. ACM Press, New York (1991)CrossRefGoogle Scholar
  12. 12.
    Fischlin, M., Fischlin, R.: Efficient non-malleable commitment schemes. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 413–431. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Just, M., Vaudenay, S.: Authenticated Multi-Party Key Agreement. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 36–49. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  14. 14.
    Laur, S., Nyberg, K.: Efficient Mutual Data Authentication Using Manually Authenticated Strings. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 90–107. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Lindell, Y.: General composition and universal composability in secure multi-party computation. In: FOCS 2003, pp. 394–403. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  16. 16.
    MacKenzie, P., Yang, K.: On Simulation-Sound Trapdoor Commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Pasini, S., Vaudenay, S.: An Optimal Non-interactive Message Authentication Protocol. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 280–294. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Pasini, S., Vaudenay, S.: SAS-based Authenticated Key Agreement. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 395–409. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Valkonen, J., Asokan, N., Nyberg, K.: Ad hoc security association for groups. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 150–164. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Vaudenay, S.: On Bluetooth repairing: Key agreement based on symmetric-key cryptography. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 1–9. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sven Laur
    • 1
  • Sylvain Pasini
    • 2
  1. 1.Helsinki University of TechnologyFinland
  2. 2.EPFL, LausanneSwitzerland

Personalised recommendations