Paper 2005/185

Security properties of two provably secure conference key agreement protocols

Qiang Tang and Chris J. Mitchell


In this paper we analyse the security of two authenticated group key agreement schemes based on the group key agreement protocol of Burmester and Desmedt. One scheme was proposed by Burmester and Desmedt, and uses a separate authentication scheme to achieve authentication among the participants. We show that this scheme suffers from a number of security vulnerabilities. The other scheme was generated using the general protocol compiler of Katz and Yung. We show that in some circumstances, even if key confirmation is implemented, this scheme still suffers from insider attacks (which are not covered by the security model used by Katz and Yung).

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
authenticationgroup key agreement
Contact author(s)
qiang tang @ rhul ac uk
2005-06-24: revised
2005-06-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Qiang Tang and Chris J.  Mitchell},
      title = {Security properties of two provably secure conference key agreement protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2005/185},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.