Generic One Round Group Key Exchange in the Standard Model

  • M. Choudary Gorantla
  • Colin Boyd
  • Juan Manuel González Nieto
  • Mark Manulis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5984)


Minimizing complexity of group key exchange (GKE) protocols is an important milestone towards their practical deployment. An interesting approach to achieve this goal is to simplify the design of GKE protocols by using generic building blocks. In this paper we investigate the possibility of founding GKE protocols based on a primitive called multi key encapsulation mechanism (mKEM) and describe advantages and limitations of this approach. In particular, we show how to design a one-round GKE protocol which satisfies the classical requirement of authenticated key exchange (AKE) security, yet without forward secrecy. As a result, we obtain the first one-round GKE protocol secure in the standard model. We also conduct our analysis using recent formal models that take into account both outsider and insider attacks as well as the notion of key compromise impersonation resilience (KCIR). In contrast to previous models we show how to model both outsider and insider KCIR within the definition of mutual authentication. Our analysis additionally implies that the insider security compiler by Katz and Shin from ACM CCS 2005 can be used to achieve more than what is shown in the original work, namely both outsider and insider KCIR.


Group Key Exchange Key Encapsulation Mechanism Key Compromise Impersonation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group Diffie-Hellman key exchange. In: CCS 2001: Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 255–264. ACM, New York (2001)CrossRefGoogle Scholar
  2. 2.
    Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie-Hellman Key Exchange - The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Bresson, E., Manulis, M.: Securing Group Key Exchange against Strong Corruptions. In: Proceedings of ACM Symposium on Information, Computer and Communications Security (ASIACCS 2008), pp. 249–260. ACM Press, New York (2008)CrossRefGoogle Scholar
  6. 6.
    Katz, J., Shin, J.S.: Modeling insider attacks on group key-exchange protocols. In: Proceedings of the 12th ACM Conference on Computer and Communications Security CCS 2005, pp. 180–189. ACM, New York (2005)CrossRefGoogle Scholar
  7. 7.
    Bohli, J.M., Gonzalez Vasco, M.I., Steinwandt, R.: Secure group key establishment revisited. Int. J. Inf. Sec. 6(4), 243–254 (2007)CrossRefGoogle Scholar
  8. 8.
    Gorantla, M.C., Boyd, C., González Nieto, J.M.: Modeling Key Compromise Impersonation Attacks on Group Key Exchange Protocols. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 105–123. Springer, Heidelberg (2009)Google Scholar
  9. 9.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. Technical report (2002),
  10. 10.
    Smart, N.P.: Efficient Key Encapsulation to Multiple Parties. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 208–219. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Gorantla, M.C., Boyd, C., Nieto, J.M.G.: On the Connection Between Signcryption and One-Pass Key Establishment. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 277–301. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Boyd, C., Cliff, Y., Gonz´alez Nieto, J.M., Paterson, K.G.: One-Round Key Exchange in the Standard Model. International Journal of Applied Cryptography 1(3), 181–199 (2009)zbMATHCrossRefGoogle Scholar
  13. 13.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Information Security and Cryptography. Springer, Heidelberg (August 2003)Google Scholar
  14. 14.
    Boyd, C., González Nieto, J.M.: Round-Optimal Contributory Conference Key Agreement. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 161–174. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Boyd, C.: Towards a classification of key agreement protocols. In: The Eighth IEEE Computer Security Foundations Workshop CSFW 1995, pp. 38–43. IEEE Computer Society, Los Alamitos (1995)CrossRefGoogle Scholar
  16. 16.
    Boyd, C.: On Key Agreement and Conference Key Agreement. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, pp. 294–302. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  17. 17.
    Bohli, J.M., Steinwandt, R.: Deniable Group Key Agreement. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 298–311. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Bresson, E., Manulis, M.: Contributory Group Key Exchange in the Presence of Malicious Participants. IET Information Security 2(3), 85–93 (2008)CrossRefGoogle Scholar
  19. 19.
    Bresson, E., Chevassut, O., Essiari, A., Pointcheval, D.: Mutual Authentication and Group Key Agreement for Low-Power Mobile Devices. In: Proc. of MWCN 2003, October 2003, pp. 59–62 (2003)Google Scholar
  20. 20.
    Al-Riyami, S.S., Paterson, K.G.: Tripartite Authenticated Key Agreement Protocols from Pairings. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 332–359. Springer, Heidelberg (2003)Google Scholar
  21. 21.
    Gorantla, M.C., Boyd, C., Nieto, J.M.G., Manulis, M.: Generic One Round Group Key Exchange in the Standard Model. Cryptology ePrint Archive, Report 2009/514 (2009),
  22. 22.
    Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 13. Springer, Heidelberg (1998)Google Scholar
  23. 23.
    Canetti, R., Halevi, S., Katz, J.: Chosen-Ciphertext Security from Identity- Based Encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)Google Scholar
  24. 24.
    Furukawa, J., Armknecht, F., Kurosawa, K.: A Universally Composable Group Key Exchange Protocol with Minimum Communication Effort. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 392–408. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • M. Choudary Gorantla
    • 1
  • Colin Boyd
    • 1
  • Juan Manuel González Nieto
    • 1
  • Mark Manulis
    • 2
  1. 1.Information Security Institute, Faculty of ITQueensland University of TechnologyBrisbaneAustralia
  2. 2.Cryptographic Protocols Group, Department of Computer ScienceTUDarmstadt & CASEDGermany

Personalised recommendations