Cryptology ePrint Archive: Report 2007/469

ID-Based Group Password-Authenticated Key Exchange

Xun Yi and Raylin Tso and Eiji Okamoto

Abstract: Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an ``honest but curious'' server, intend to establish a common secret key (i.e., a group key) with the help of the server. In this setting, the key established is known to the clients only and no one else, including the server. Each client needs to remember passwords only while the server keeps passwords in addition to private keys related to his identity. Towards our goal, we present a compiler that transforms any group key exchange (KE) protocol secure against a passive eavesdropping to a group PAKE which is secure against an active adversary who controls all communication in the network. This compiler is built on any group KE protocol (e.g., the Burmester-Desmedt protocol), any identity-based encryption (IBE) scheme (e.g., Gentry's scheme), and any identity-based signature (IBS) scheme (e.g., Paterson-Schuldt scheme). It adds only two rounds and $O(1)$ communication (per client) to the original group KE protocol. As long as the underlying group KE protocol, IBE scheme and an IBS scheme have provably security without random oracles, a group PAKE constructed by our compiler can be proven to be secure without random oracles.

Category / Keywords: Group key agreement, protocol compiler, password-authenticated key exchange, common reference model.

Publication Info: An old version of the protocol was presented on NIST IBE Workshop 2008.

Date: received 14 Dec 2007, last revised 3 Dec 2008

Contact author: Xun Yi at vu edu au

Available format(s): PDF | BibTeX Citation

Version: 20081204:060945 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]