Paper 2016/1166

Group key exchange protocols withstanding ephemeral-key reveals

Maria Isabel Gonzalez Vasco, Angel L. Perez del Pozo, and Adriana Suarez Corona

Abstract

When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets: long-term keys (for authentication) and freshly generated (often random) values. The leakage of the latter, so-called ephemeral keys, has been extensively analyzed in the 2-party case, yet very few works are concerned with it in the group setting. We provide a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Our design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al., the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Group Key Agreement, Strong Security, Ephemeral Keys, Compiler
Contact author(s)
mariaisabel vasco @ urjc es
History
2016-12-28: received
Short URL
https://ia.cr/2016/1166
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1166,
      author = {Maria Isabel Gonzalez Vasco and Angel L.  Perez del Pozo and Adriana Suarez Corona},
      title = {Group key exchange protocols withstanding ephemeral-key reveals},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1166},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1166}},
      url = {https://eprint.iacr.org/2016/1166}
}