Paper 2019/1458

Out-of-Band Authenticated Group Key Exchange: From Strong Authentication to Immediate Key Delivery

Moni Naor, Lior Rotem, and Gil Segev


Given the inherent ad-hoc nature of popular communication platforms, out-of-band authenticated key-exchange protocols are becoming widely deployed: Key exchange protocols that enable users to detect man-in-the-middle attacks by manually authenticating one short value. In this work we put forward the notion of immediate key delivery for such protocols, requiring that even if some users participate in the protocol but do not complete it (e.g., due to losing data connectivity or to other common synchronicity issues), then the remaining users should still agree on a shared secret. A property of a similar flavor was introduced by Alwen, Coretti and Dodis (EUROCRYPT '19) asking for immediate decryption of messages in user-to-user messaging while assuming that a shared secret has already been established -- but the underlying issue is crucial already during the initial key exchange and goes far beyond the context of messaging. Equipped with our immediate key delivery property, we formalize strong notions of security for out-of-band authenticated group key exchange, and demonstrate that the existing protocols either do not satisfy our notions of security or are impractical (these include, in particular, the protocols deployed by Telegram, Signal and WhatsApp). Then, based on the existence of any passively-secure key-exchange protocol (e.g., the Diffie-Hellman protocol), we construct an out-of-band authenticated group key-exchange protocol satisfying our notions of security. Our protocol is inspired by techniques that have been developed in the context of fair string sampling in order to minimize the effect of adversarial aborts, and offers the optimal tradeoff between the length of its out-of-band value and its security.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.Conference on Information-Theoretic Cryptography (ITC) 2020
Contact author(s)
lior rotem @ cs huji ac il
2020-04-02: revised
2019-12-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Moni Naor and Lior Rotem and Gil Segev},
      title = {Out-of-Band Authenticated Group Key Exchange: From Strong Authentication to Immediate Key Delivery},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1458},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.