A Secure Fault-Tolerant Conference-Key Agreement Protocol
April 2002 (vol. 51 no. 4)
pp. 373-379

When a group of people want to communicate securely over an open network, they run a conference-key protocol to establish a common conference key K such that all their communications thereafter are encrypted with the key K. In this paper, we propose a provably secure fault-tolerant conference-key agreement protocol under the authenticated broadcast channel model. We show that a passive adversary gets zero knowledge about the conference key established by the honest participants under the assumption of a variant Diffie-Hellman decision problem. We also show that the honest participants can agree on a common conference key no matter how many participants are malicious. Furthermore, we show that even if the broadcast channel is not authenticated, our protocol is secure against impersonators under the random oracle model.

Index Terms:
conference key, provable security, fault tolerance
Citation:
W.G. Tzeng, "A Secure Fault-Tolerant Conference-Key Agreement Protocol," IEEE Transactions on Computers, vol. 51, no. 4, pp. 373-379, April 2002, doi:10.1109/12.995447