Computationally-Fair Group and Identity-Based Key-Exchange

  • Andrew C. Yao
  • Yunlei Zhao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7287)


In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedt group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damage:

  • It can compute the session-key output with much less computational effort than the victim honest player, and can maliciously nullify the contributions of the victim honest players.

  • It can set the session-key output to some pre-determined value, which can be efficiently and publicly computed without knowing any secret supposed to be held by the attacker.

We remark that these attacks lie beyond the traditional security models for group key-exchange and identity-based key-exchange, yet they bring some new perspectives to the literature on group and identity-based key-exchange. We then present some fixes, and prove that the fixed protocols are computationally fair.
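The BD-protocol [7] that the abstract re-examines, as an added illustration that is not the paper's own code: three rounds among n honest players over a constructed toy group (p = 23, q = 11, g = 4), with each player counting its own modular exponentiations, since that per-player cost is what the computational-fairness notion compares between honest players and an adversary.

```python
"""Toy Burmester-Desmedt (BD) group key exchange [7] with cost counting."""
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g generates the
# order-q subgroup of Z_p^*.  Real deployments use 2048-bit or larger groups.
P, Q, G = 23, 11, 4


class Party:
    """Honest player U_i in a ring of n players (indices taken mod n)."""

    def __init__(self, index, n):
        self.i, self.n = index, n
        self.r = secrets.randbelow(Q - 1) + 1   # private exponent r_i in [1, q-1]
        self.exps = 0                            # modular exponentiations performed

    def _pow(self, base, exponent):
        self.exps += 1
        return pow(base, exponent, P)

    def round1(self):
        # Broadcast z_i = g^{r_i}
        return self._pow(G, self.r)

    def round2(self, z):
        # Broadcast X_i = (z_{i+1} / z_{i-1})^{r_i}
        n = self.n
        prev, nxt = z[(self.i - 1) % n], z[(self.i + 1) % n]
        return self._pow(nxt * pow(prev, -1, P) % P, self.r)

    def key(self, z, x):
        # K_i = z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^{1},
        # which every honest player evaluates to g^{r_1 r_2 + r_2 r_3 + ... + r_n r_1}
        n = self.n
        k = self._pow(z[(self.i - 1) % n], n * self.r)
        for j in range(n - 1):
            k = k * self._pow(x[(self.i + j) % n], n - 1 - j) % P
        return k


def run_bd(n):
    """Run the protocol among n honest players; return (keys, exponentiation counts)."""
    parties = [Party(i, n) for i in range(n)]
    z = [u.round1() for u in parties]          # round 1 broadcasts
    x = [u.round2(z) for u in parties]         # round 2 broadcasts
    keys = [u.key(z, x) for u in parties]      # local key derivation
    return keys, [u.exps for u in parties]
```

Each honest player performs n + 2 exponentiations in this accounting (one per round plus n in key derivation), and all n derived keys agree.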






  1. Abdalla, M., Bresson, E., Chevassut, O., Pointcheval, D.: Password-Based Group Key Exchange in a Constant Number of Rounds. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 427–442. Springer, Heidelberg (2006)
  2. Al-Riyami, S.S., Paterson, K.G.: Certificateless Public Key Cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)
  3. Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)
  4. Bresson, E., Manulis, M.: Securing Group Key Exchange Against Strong Corruptions. In: ASIACCS 2008, pp. 249–260. ACM (2008)
  5. Bohli, J.M., Gonzalez Vasco, M.I., Steinwandt, R.: Secure Group Key Establishment Revisited. International Journal of Information Security 6(4), 243–254 (2007)
  6. Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  7. Burmester, M., Desmedt, Y.: A Secure and Efficient Conference Key Distribution System. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)
  8. Choudary Gorantla, M., Gangishetti, R., Saxena, A.: A Survey on ID-Based Cryptographic Primitives. Cryptology ePrint Archive, Report 2005/094 (2005)
  9. Chen, L., Kudla, C.: Identity Based Key Agreement Protocols From Pairings. In: IEEE Computer Security Foundations Workshop, pp. 219–233 (2002); full version available at: Cryptology ePrint Archive, Report 2002/184 (2002)
  10. Desmedt, Y., Pieprzyk, J., Steinfeld, R., Wang, H.: A Non-malleable Group Key Exchange Protocol Robust Against Active Insiders. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 459–475. Springer, Heidelberg (2006)
  11. Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
  12. Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource Fairness and Composability of Cryptographic Protocols. Journal of Cryptology 24(4), 615–658 (2011)
  13. Goldwasser, S., Lindell, Y.: Secure Computation without Agreement. Journal of Cryptology 18(3), 247–287 (2005)
  14. Gordon, D.M.: A Survey of Fast Exponentiation Methods. Journal of Algorithms 27(1), 129–146 (1998)
  15. Katz, J., Shin, J.: Modeling Insider Attacks on Group Key Exchange. In: ACM CCS 2005, pp. 180–189 (2005)
  16. Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)
  17. Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)
  18. Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, pp. 617–619. CRC Press (1995)
  19. Mitchell, C.J., Ward, M., Wilson, P.: Key Control in Key Agreement Protocols. Electronics Letters 34(10), 980–981 (1998)
  20. Yao, A.C., Zhao, Y.: Method and Structure for Self-Sealed Joint Proof-of-Knowledge and Diffie-Hellman Key-Exchange Protocols. PCT Patent, No. PCT/CN2008/072794 (August 2008); online available from the Global Intellectual Property Office (GIPO)
  21. Yao, A.C., Zhao, Y.: A New Family of Practical Non-Malleable Diffie-Hellman Protocols. CoRR abs/1105.1071 (2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andrew C. Yao, Tsinghua University, Beijing, China
  • Yunlei Zhao, Fudan University, Shanghai, China
