Issue No.05 - May (2011 vol.22)
pp: 879-886
Stanisław Jarecki, University of California, Irvine, Irvine
Jihye Kim, Seoul National University, Seoul
Gene Tsudik, University of California, Irvine, Irvine
A robust group key agreement protocol (GKA) allows a set of players to establish a shared secret key, regardless of network/node failures. Current constant-round GKA protocols are either efficient and nonrobust or robust but not efficient; assuming a reliable broadcast communication medium, the standard encryption-based group key agreement protocol can be robust against an arbitrary number of node faults, but the size of the messages broadcast by every player is proportional to the number of players. In contrast, nonrobust group key agreement can be achieved with each player broadcasting just constant-sized messages. We propose a novel 2-round group key agreement protocol, which tolerates up to T node failures, using O(T)-sized messages for any T. We show that the new protocol implies a fully-robust group key agreement with logarithmic-sized messages and expected round complexity close to 2, assuming random node faults. The protocol can be extended to withstand malicious insiders at small constant factor increases in bandwidth and computation. The proposed protocol is secure under the (standard) Decisional Square Diffie-Hellman assumption.
Group key agreement, fault-tolerance, algorithms, security.
Stanisław Jarecki, Jihye Kim, Gene Tsudik, "Flexible Robust Group Key Agreement", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 5, pp. 879-886, May 2011, doi:10.1109/TPDS.2010.128