Fully Robust Tree-Diffie-Hellman Group Key Exchange

  • Timo Brecher
  • Emmanuel Bresson
  • Mark Manulis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5888)


We extend the well-known Tree-Diffie-Hellman technique used for the design of group key exchange (GKE) protocols with robustness, i.e. with resistance to faults resulting from possible system crashes, network failures, and misbehavior of the protocol participants. We propose a fully robust GKE protocol using the novel tree replication technique: our basic protocol version ensures security against outsider adversaries whereas its extension addresses optional insider security. Both protocols are proven secure assuming stronger adversaries gaining access to the internal states of participants. Our security model for robust GKE protocols can be seen as a step towards unification of some earlier security models in this area.


Random Oracle Impersonation Attack Random Oracle Model Protocol Execution Byzantine Agreement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amir, Y., Nita-Rotaru, C., Schultz, J.L., Stanton, J.R., Kim, Y., Tsudik, G.: Exploring Robustness in Group Key Agreement. In: Proc. of ICDCS 2001, pp. 399–408. IEEE CS, Los Alamitos (2001)Google Scholar
  2. 2.
    Ateniese, G., Song, D.X., Tsudik, G.: Quasi-Efficient Revocation in Group Signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 183–197. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Ateniese, G., Steiner, M., Tsudik, G.: Authenticated Group Key Agreement and Friends. In: Proc. of ACM CCS 1998, pp. 17–26. ACM Press, New York (1998)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proc. of ACM CCS 1993, pp. 62–73. ACM Press, New York (1993)CrossRefGoogle Scholar
  5. 5.
    Burmester, M., Desmedt, Y.: A secure and efficient conference key distribution system. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  6. 6.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie-Hellman Key Exchange — The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: ACM CCS 2001, pp. 255–264. ACM Press, New York (2001)CrossRefGoogle Scholar
  10. 10.
    Bresson, E., Manulis, M.: Malicious Participants in Group Key Exchange: Key Control and Contributiveness in the Shadow of Trust. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 395–409. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Bresson, E., Manulis, M., Schwenk, J.: On Security Models and Compilers for Group Key Exchange Protocols. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 292–307. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Bresson, E., Manulis, M.: Securing Group Key Exchange against Strong Corruptions. In: Proc. of ASIACCS 2008, pp. 249–261. ACM Press, New York (2008)CrossRefGoogle Scholar
  13. 13.
    Cachin, C., Kursawe, K., Shoup, V.: Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement using Cryptography. In: Proc. of PODC 2000, pp. 123–132. ACM Press, New York (2000)Google Scholar
  14. 14.
    Cachin, C., Strobl, R.: Asynchronous Group Key Exchange with Failures. In: Proc. of PODC 2004, pp. 357–366. ACM Press, New York (2004)CrossRefGoogle Scholar
  15. 15.
    Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Canetti, R., Rabin, T.: Fast Asynchronous Byzantine Agreement with Optimal Resilience. In: STOC 1993, pp. 42–51. ACM Press, New York (1993)CrossRefGoogle Scholar
  17. 17.
    Chockler, G.V., Keidar, I., Vitenberg, R.: Group Communication Specifications: A Comprehensive Study. ACM Computing Surveys 33(4), 427–469 (2001)CrossRefGoogle Scholar
  18. 18.
    Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Choudary Gorantla, M., Boyd, C., González Nieto, J.M.: Modeling Key Compromise Impersonation Attacks on Group Key Exchange Protocols. In: PKC 2009. LNCS, vol. 5443, pp. 105–123. Springer, Heidelberg (2009)Google Scholar
  20. 20.
    Crescenzo, G.D., Ferguson, N., Impagliazzo, R., Jakobsson, M.: How to Forget a Secret. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, pp. 500–509. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  21. 21.
    Desmedt, Y.G., Pieprzyk, J., Steinfeld, R., Wang, H.: A Non-Malleable Group Key Exchange Protocol Robust Against Active Insiders. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 459–475. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Jarecki, S., Kim, J., Tsudik, G.: Robust Group Key Agreement using Short Broadcasts. In: Proc. of ACM CCS 2007, pp. 411–420. ACM, New York (2007)CrossRefGoogle Scholar
  23. 23.
    Katz, J., Shin, J.S.: Modeling Insider Attacks on Group Key Exchange Protocols. In: Proc. of ACM CCS 2005, pp. 180–189. ACM Press, New York (2005)Google Scholar
  24. 24.
    Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)Google Scholar
  25. 25.
    Kim, Y., Perrig, A., Tsudik, G.: Group Key Agreement Efficient in Communication. IEEE Transactions on Computers 53(7), 905–921 (2004)CrossRefGoogle Scholar
  26. 26.
    Kim, Y., Perrig, A., Tsudik, G.: Tree-Based Group Key Agreement. ACM Transactions on Information and System Security 7(1), 60–96 (2004)CrossRefGoogle Scholar
  27. 27.
    Kim, J., Tsudik, G.: Survival in the Wild: Robust Group Key Agreement in Wide-Area Networks. In: ICISC 2008. LNCS, vol. 5461, pp. 66–83. Springer, Heidelberg (2008)Google Scholar
  28. 28.
    Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
  29. 29.
    LaMacchia, B., Lauter, K., Mityagin, A.: Stronger Security of Authenticated Key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Manulis, M.: Provably Secure Group Key Exchange. PhD thesis, Ruhr Univ. Bochum (2007)Google Scholar
  31. 31.
    Mitchell, C.J., Ward, M., Wilson, P.: Key Control in Key Agreement Protocols. Electronic Letters 34(10), 980–981 (1998)CrossRefGoogle Scholar
  32. 32.
    Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  33. 33.
    Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: IEEE S&P 2001, pp. 184–200. IEEE CS, Los Alamitos (2001)Google Scholar
  34. 34.
    Pieprzyk, J., Wang, H.: Key Control in Multi-party Key Agreement Protocols. In: CCC/PCS 2003, vol. 23 (2003)Google Scholar
  35. 35.
    Sadeghi, A.-R., Steiner, M.: Assumptions Related to Discrete Logarithms: Why Subtleties Make a Real Difference. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 244–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  36. 36.
    Shoup, V.: On Formal Models for Secure Key Exchange (Version 4). TR-RZ 3120, IBM Research (November 1999)Google Scholar
  37. 37.
    Stadler, M.: Publicly Verifiable Secret Sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 90–99. Springer, Heidelberg (1996)Google Scholar
  38. 38.
    Steiner, M.: Secure Group Key Agreement. PhD thesis, Saarland University (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Timo Brecher
    • 3
  • Emmanuel Bresson
    • 2
  • Mark Manulis
    • 1
  1. 1.Cryptographic Protocols GroupTU Darmstadt & CASEDGermany
  2. 2.DCSSI Crypto LabParisFrance
  3. 3.INFODAS GmbHCologneGermany

Personalised recommendations