Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

  • Atsushi Fujioka
  • Mark Manulis
  • Koutarou Suzuki
  • Berkant Ustaoğlu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7372)


Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead. The first one-round authenticated 3KE version that preserved the unique efficiency properties of the original protocol and strengthened its security towards resilience against leakage of ephemeral (session-dependent) secrets was proposed recently by Manulis, Suzuki, and Ustaoglu (ICISC 2009).

In this work we explore sufficient conditions for building such protocols. We define a set of admissible polynomials and show how their construction generically implies 3KE protocols with the desired security and efficiency properties. Our result generalizes the previous 3KE protocol and gives rise to many new authenticated constructions, all of which enjoy forward secrecy and resilience to ephemeral key-leakage under the gap Bilinear Diffie-Hellman assumption in the random oracle model.

References

  1. Abdalla, M., Chevalier, C., Manulis, M., Pointcheval, D.: Flexible Group Key Exchange with On-demand Computation of Subgroup Keys. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 351–368. Springer, Heidelberg (2010)
  2. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
  3. Abdalla, M., Pointcheval, D.: A Scalable Password-Based Group Key Exchange Protocol in the Standard Model. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 332–347. Springer, Heidelberg (2006)
  4. Al-Riyami, S.S., Paterson, K.G.: Tripartite Authenticated Key Agreement Protocols from Pairings. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 332–359. Springer, Heidelberg (2003)
  5. Baek, J., Safavi-Naini, R., Susilo, W.: Efficient Multi-receiver Identity-Based Encryption and Its Application to Broadcast Encryption. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 380–397. Springer, Heidelberg (2005)
  6. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  7. Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
  8. Bellovin, S.M., Merritt, M.: Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. In: ACM CCS 1993, pp. 244–250. ACM (1993)
  9. Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
  10. Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: ACM CCS 2001, pp. 255–264. ACM Press (2001)
  11. Bresson, E., Manulis, M.: Contributory Group Key Exchange in the Presence of Malicious Participants. IET Information Security 2(3), 85–93 (2008)
  12. Bresson, E., Manulis, M.: Securing Group Key Exchange against Strong Corruptions. In: ACM ASIACCS 2008, pp. 249–260. ACM Press (2008); full version in Intl. J. Applied Cryptography (2008)
  13. Bresson, E., Manulis, M., Schwenk, J.: On Security Models and Compilers for Group Key Exchange Protocols. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 292–307. Springer, Heidelberg (2007)
  14. Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
  15. Choo, K.-K.R.: Secure Key Establishment. Advances in Information Security, vol. 41. Springer (2009)
  16. Cremers, C.J.F.: Examining Indistinguishability-Based Security Models for Key Exchange Protocols: The Case of CK, CK-HMQV, and eCK. In: ASIACCS 2011, pp. 80–91. ACM, New York (2011)
  17. Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
  18. Fujioka, A., Suzuki, K.: Designing Efficient Authenticated Key Exchange Resilient to Leakage of Ephemeral Secret Keys. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 121–141. Springer, Heidelberg (2011)
  19. Gorantla, M.C., Boyd, C., González-Nieto, J.M., Manulis, M.: Modeling Key Compromise Impersonation Attacks on Group Key Exchange Protocols. ACM Trans. Inf. Syst. Secur. 14(4), 28 (2011)
  20. Joux, A.: A One Round Protocol for Tripartite Diffie–Hellman. Journal of Cryptology 17(4), 263–276 (2004)
  21. Katz, J., Shin, J.S.: Modeling Insider Attacks on Group Key-Exchange Protocols. In: ACM CCS 2005, pp. 180–189. ACM Press (2005)
  22. Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. J. Cryptology 20(1), 85–113 (2007)
  23. Kim, M., Fujioka, A., Ustaoğlu, B.: Strongly Secure Authenticated Key Exchange without NAXOS' Approach. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 174–191. Springer, Heidelberg (2009)
  24. Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)
  25. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger Security of Authenticated Key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)
  26. Lim, M.-H., Lee, S., Lee, H.: Cryptanalysis on Improved One-Round Lin-Li's Tripartite Key Agreement Protocol. Cryptology ePrint Archive, Report 2007/411 (2007)
  27. Lim, M.-H., Lee, S., Park, Y., Lee, H.: An Enhanced One-Round Pairing-Based Tripartite Authenticated Key Agreement Protocol. In: Gervasi, O., Gavrilova, M.L. (eds.) ICCSA 2007, Part II. LNCS, vol. 4706, pp. 503–513. Springer, Heidelberg (2007)
  28. Lin, C.-H., Lin, H.-H.: Secure One-Round Tripartite Authenticated Key Agreement Protocol from Weil Pairing. In: AINA 2005, vol. 2, pp. 135–138. IEEE (2005)
  29. Manulis, M.: Security-Focused Survey on Group Key Exchange Protocols. Cryptology ePrint Archive, Report 2006/395 (2006)
  30. Manulis, M.: Group Key Exchange Enabling On-Demand Derivation of Peer-to-Peer Keys. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 1–19. Springer, Heidelberg (2009)
  31. Manulis, M., Suzuki, K., Ustaoglu, B.: Modeling Leakage of Ephemeral Secrets in Tripartite/Group Key Exchange. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 16–33. Springer, Heidelberg (2010)
  32. Menezes, A., Ustaoglu, B.: Comparing the Pre- and Post-specified Peer Models for Key Agreement. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 53–68. Springer, Heidelberg (2008)
  33. Moriyama, D., Okamoto, T.: An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles. In: Pieprzyk, J., Zhang, F. (eds.) ProvSec 2009. LNCS, vol. 5848, pp. 154–167. Springer, Heidelberg (2009)
  34. Okamoto, T.: Authenticated Key Exchange and Key Encapsulation in the Standard Model. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 474–484. Springer, Heidelberg (2007)
  35. Okamoto, T., Pointcheval, D.: The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes. In: Kim, K.-C. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)
  36. Shim, K.: Efficient One Round Tripartite Authenticated Key Agreement Protocol from Weil Pairing. IET Electronics Letters 39(2), 208–209 (2003)
  37. Ustaoglu, B.: Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols. In: Pieprzyk, J., Zhang, F. (eds.) ProvSec 2009. LNCS, vol. 5848, pp. 183–197. Springer, Heidelberg (2009)
  38. Zhao, J., Gu, D., Gorantla, M.C.: Stronger Security Model of Group Key Agreement. In: ASIACCS 2011, pp. 435–440. ACM (2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Atsushi Fujioka (1)
  • Mark Manulis (2)
  • Koutarou Suzuki (1)
  • Berkant Ustaoğlu (3)

  1. NTT Secure Platform Laboratories, Musashino-shi, Japan
  2. University of Surrey, Guildford, Surrey, United Kingdom
  3. Izmir Institute of Technology, Urla, Turkey