Authenticated multi-party key agreement
We examine key agreement protocols providing (i) key authentication (ii) key confirmation and (iii) forward secrecy. Attacks are presented against previous two-party key agreement schemes and we subsequently present a protocol providing the properties listed above.
A generalization of the Burmester-Desmedt (BD) model (Eurocrypt '94) for multi-party key agreement is given, allowing a transformation of any two-party key agreement protocol into a multi-party protocol. A multi-party scheme (based on the general model and a specific 2-party scheme) is presented that reduces the number of rounds required for key computation compared to the specific BD scheme. It is also shown how the specific BD scheme fails to provide key authentication.
Key Wordskey agreement authentication confirmation forward secrecy
Unable to display preview. Download preview PDF.
- 1.M. Abadi, R. Needham, “Prudent Engineering Practice for Cryptographic Protocols”, DEC SRC Research Report 125, June 1, 1994.Google Scholar
- 2.M. Bellare, P. Rogaway, “Entity Authentication and Key Distribution”, Advances in Cryptology: Proceedings of CRYPTO '93, Springer-Verlag, 1993, pp.232–249.Google Scholar
- 4.M. Burmester, “On the Risk of Opening Distributed Keys”, Advances in Cryptology: Proceedings of Crypto '94, Springer-Verlag, 1994, pp.308–317.Google Scholar
- 5.M. Burmester, Y. Desmedt, “A Secure and Efficient Conference Key Distribution System”, Advances in Cryptology: Proceedings of Eurocrypt '94, Springer-Verlag, 1995, pp.275–286.Google Scholar
- 7.W. Diffie, P.C. van Oorschot, M.J. Wiener, “Authentication and Authenticated Key Exchanges”, Designs, Codes and Cryptography, Vol. 2, 1992, pp. 107–125.Google Scholar
- 9.C. Günther, “An Identity-Based Key Exchange Protocol”, Advances in Cryptology: Proceedings of Eurocrypt '89, Springer-Verlag, 1989, pp.29–37.Google Scholar
- 11.H. Krawczyk, “SKEME: A Versatile Secure Key Exchange Mechanism for Internet”, Proceedings of the Internet Society Symposium on Network and Distributed System Security, Feb. 1996 (also presented at the Crypto '95 rump session).Google Scholar
- 12.T. Matsumoto, Y. Takashima, H. Imai, “On Seeking Smart Public-Key Distribution Systems”, The Transactions of the IECE of Japan, Vol. E. 69, No. 2, February 1986, pp. 99–106.Google Scholar
- 13.A. Menezes, M. Qu, S. Vanstone, “Some New Key Agreement Protocols Providing Implicit Authentication”, presented at the Workshop on Selected Areas in Cryptography (SAC '95), Carleton University, Ottawa, ON., pp. 22–32.Google Scholar
- 14.D. Pointcheval, J. Stern, “Security Proofs for Signature Schemes”, Advances in Cryptology: Proceedings of Eurocrypt '96, Springer-Verlag, 1996, pp.387–398.Google Scholar
- 15.B. Preneel, Cryptographic Hash Functions, Kluwer Academic Publishers (to appear, 1996).Google Scholar
- 17.D. Steer, L. Strawczynski, W. Diffie, M. Wiener, “A Secure Audio Teleconference System”, Advances in Cryptology: Proceedings of CRYPTO '88, Springer-Verlag, 1988, pp.520–528.Google Scholar
- 18.M. Steiner, G. Tsudik, M. Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication”, 3rd ACM Conference on Computer and Communications Security, New Dehli, India, March 14–16, 1996.Google Scholar
- 19.P. van Oorschot, M. Wiener, “On Diffie-Hellman Key Agreement with Short Exponents”, Advances in Cryptology: Proceedings of Eurocrypt '96, Springer-Verlag, 1996, pp.332–343.Google Scholar
- 20.Y. Yacobi, “A Key Distribution ‘Paradox'”, Advances in Cryptology: Proceedings of CRYPTO '90, Springer-Verlag, 1990, pp.268–273.Google Scholar