Paper 2010/225

A Security Weakness in a Generic Construction of a Group Key Exchange Protocol

Junghyun Nam


Protocols for group key exchange are cryptographic algorithms that allow a group of parties communicating over a public network to come up with a common secret key. One of the interesting results of research on group key exchange is the protocol compiler presented by Abdalla et al. in TCC '07. Abdalla et al.'s compiler shows how one can transform any authenticated 2-party key exchange protocol into an authenticated group key exchange protocol with 2 more rounds of communication. This compiler certainly is elegant in its genericness, symmetricity, simplicity and efficiency. However, the situation completely changes when it comes to security. In this work, we reveal a major security weakness in Abdalla et al.'s compiler and show how to address it. The security weakness uncovered here implies that Abdalla et al.'s proof of security for their compiler is invalid.

Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Cryptography, Group key exchange, Protocol compiler, Implicit key authentication, Key confirmation
Contact author(s)
jhnam @ kku ac kr
History
2010-04-28: received
License
Creative Commons Attribution


      author = {Junghyun Nam},
      title = {A Security Weakness in a Generic Construction of a Group Key Exchange Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2010/225},
      year = {2010},
      note = {\url{}},
      url = {}