Paper 2012/287

Computationally-Fair Group and Identity-Based Key-Exchange

Andrew C. Yao and Yunlei Zhao


In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedet group key-exchange protocol [7] (re-ferred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damages: (1) It can compute the session-key output with much lesser computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players. (2) It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker. We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange. Then, based on the computationally fair Diffie-Hellman key- exchange in [21], we present some fixing approaches, and prove that the fixed protocols are computationally fair.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
yunleizhao @ gmail com
2012-05-29: received
Short URL
Creative Commons Attribution


      author = {Andrew C.  Yao and Yunlei Zhao},
      title = {Computationally-Fair Group and Identity-Based Key-Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2012/287},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.