A two-round universal composable group key exchange protocol

A group key exchange (GKE) protocol allows a group of parties to securely establish a common key within an untrusted network. For practical reasons, the number of communication rounds should be as low as possible, in the best case constant and independent of the group size. Furthermore, the security should be proven within a well-defined and established security model. One promising candidate is the universal composability (UC) framework, which ensures the secure concurrent execution of protocols and the safe use of their outputs in any subsequent application. Katz and Shin formalized a security model within the UC framework with respect to attackers who can control the communication, adaptively corrupt parties, and take part in the protocol. Furthermore, they described a mechanism to turn GKE protocols with certain security properties into UC-secure protocols. This mechanism can be used to construct a UC-secure GKE protocol which requires three broadcast rounds. To the best of our knowledge, no other UC-secure GKE protocols have been published so far.

In this talk we present a UC-secure GKE protocol that requires only two broadcast rounds, i.e. one round less. The size of the messages is constant, i.e. independent of the group size. The proof of security holds in the standard model and relies on the decisional bilinear Diffie-Hellman assumption (or a variant of it, depending on whether the number of parties is even or odd).

It is a recent (still unpublished) result from J. Furukawa, K. Kurosawa and myself.


(C) 2007 University of Luxembourg

Modified: 2008-02-01 11:30:58