A Non-malleable Group Key Exchange Protocol Robust Against Active Insiders

  • Yvo Desmedt
  • Josef Pieprzyk
  • Ron Steinfeld
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)


In this paper we make progress towards solving an open problem posed by Katz and Yung at CRYPTO 2003. We propose the first protocol for key exchange among n ≥ 2k+1 parties which simultaneously achieves all of the following properties:

1. Key Privacy (including forward security) against active attacks by group outsiders,

2. Non-malleability — meaning in particular that no subset of up to k corrupted group insiders can ‘fix’ the agreed key to a desired value, and

3. Robustness against denial of service attacks by up to k corrupted group insiders.

Our insider security properties above are achieved assuming the availability of a reliable broadcast channel.



  1. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
  2. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  3. Boyd, C., Nieto, J.: Round-Optimal Contributory Conference Key Agreement. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 161–174. Springer, Heidelberg (2002)
  4. Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie-Hellman Key Exchange - The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001)
  5. Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)
  6. Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: Communications and Computer Security Conference CCS 2001, pp. 255–264. ACM, New York (2001)
  7. Burmester, M., Desmedt, Y.G.: A Secure and Efficient Conference Key Distribution System. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)
  8. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2005), Available from:
  9. Cleve, R.: Limits on the Security of Coin Flips When Half the Processors are Faulty. In: Proc. 18-th STOC, pp. 364–369. ACM Press, New York (1986)
  10. Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Trans. on Information Theory 22, 644–654 (1976)
  11. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)
  12. Katz, J., Sun Shin, J.: Modeling Insider Attacks on Group Key-Exchange Protocols. In: Communications and Computer Security Conference CCS 2005, pp. 180–189. ACM, New York (2005)
  13. Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)
  14. Lampson, B.W.: A note on the confinement problem. Comm. ACM 16(10), 613–615 (1973)
  15. Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  16. Pieprzyk, J., Wang, H.: Key Control in Multi-party Key Agreement Protocols. In: Workshop on Coding, Cryptography and Combinatorics (CCC 2003). LNCS. Springer, Berlin (2003)
  17. Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Chaum, D. (ed.) Advances in Cryptology. Proc. of Crypto 1983, Santa Barbara, California, August 1983, pp. 51–67. Plenum Press, N.Y (1984)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yvo Desmedt (1)
  • Josef Pieprzyk (2)
  • Ron Steinfeld (2)
  • Huaxiong Wang (2)
  1. Department of Computer Science, University College London, UK
  2. Centre for Advanced Computing – Algorithm and Cryptography, Department of Computing, Macquarie University, Australia
