Cryptology ePrint Archive: Report 2010/427
Security Improvement on a Password-Authenticated Group Key Exchange Protocol
Junghyun Nam
Abstract: A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-authenticated GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-authenticated key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this work, we report this security problem with Yi et al.'s protocol and show how to solve it.
Category / Keywords: cryptographic protocols / Group key exchange, password, dictionary attack, identity-based cryptography
Date: received 1 Aug 2010, withdrawn 2 Aug 2010
Contact author: jhnam at kku ac kr
Available format(s): (-- withdrawn --)
Version: 20100802:234951
Short URL: ia.cr/2010/427