Cryptology ePrint Archive: Report 2006/119

Repairing Attacks on a Password-Based Group Key Agreement

Ratna Dutta and Rana Barua

Abstract: From designing point of view, it is not a trivial task to convert a group key agreement protocol into password-based setting where the members of the group share only a human-memorable weak password and the system may not have any secure public key infrastructure. Security analysis against dictionary attacks is on the other side of the coin. The low entropy of human memorable password may enable an adversary to mount off-line dictionary attacks if careful approaches are not taken in designing the protocol. Recently, Kim et al. proposed a very efficient provably secure group key agreement protocol KLL, security of which relies on the Computational Diffie-Hellman (CDH) assumption in the presence of random oracles. Dutta-Barua embed the protocol KLL into password-based environment -- yielding the protocol DB-PWD. Abdalla et al. detect certain flaws in the protocol DB-PWD. In this paper, we take suitable measures to overcome these attacks. We introduce a protocol MDB-PWD -- an improved variant of the protocol DB-PWD and analyze its security in the security framework formalized by Bellare et al. in both the ideal cipher model and the random oracle model under CDH assumption.

Category / Keywords: cryptographic protocols /

Date: received 26 Mar 2006, last revised 26 Mar 2006, withdrawn 28 Mar 2006

Contact author: ratna_r at isical ac in

Available format(s): (-- withdrawn --)

Version: 20060328:070253 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]