Computationally-Fair Group and Identity-Based Key-Exchange
In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedet group key-exchange protocol  (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol  (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damages:
It can compute the session-key output with much lesser computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players.
It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker.
We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange, which yet bring some new perspectives to the literature of group and identity-based key-exchange. We then present some fixing approaches, and prove that the fixed protocols are computationally fair.
KeywordsHash Function Random Oracle Random Oracle Model Cryptology ePrint Archive Dominant Operation
Unable to display preview. Download preview PDF.
- 3.Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
- 4.Bresson, E., Manulis, M.: Securing Group Key Exchange Against Strong Corruptions. In: ASIACCS 2008, pp. 249–260. ACM (2008)Google Scholar
- 8.Choudary Gorantla, M., Gangishetti, R., Saxena, A.: A Survey on ID-Based Cryptographic Primitives. Cryptology ePrint Archive, Report No. 2005/094 (2005)Google Scholar
- 9.Chen, L., Kudla, C.: Identity Based Key Agreement Protocols From Pairings. In: IEEE Computer Security Foundations Workshop, pp. 219–233 (2002); Full version available at: Cryptology ePrint Archive, Report 2002/184 (2002)Google Scholar
- 15.Katz, J., Shin, J.: Modeling Insider Attackss on Group Key Exchange. In: ACM CCS 2005, pp. 180–189 (2005)Google Scholar
- 17.Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
- 18.Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, pp. 617–619. CRC Press (1995)Google Scholar
- 20.Yao, A.C., Zhao, Y.: Method and Structure for Self-Sealed Joint Proof-of-Knowledge and Diffie-Hellman Key-Exchange Protocols. PCT Patent, No.PCT/CN2008/072794 (August 2008); Online available from Global Intellectual Property Office (GIPO)Google Scholar
- 21.Yao, A.C., Zhao, Y.: A New Family of Practical Non-Malleable Diffie-Hellman Protocols CoRR abs/1105.1071 (2011)Google Scholar