Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A survey of fast exponentiation methods
Journal of Algorithms
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient and Secure Conference-Key Distribution
Proceedings of the International Workshop on Security Protocols
Modeling insider attacks on group key-exchange protocols
Proceedings of the 12th ACM conference on Computer and communications security
Identity-based key agreement protocols from pairings
International Journal of Information Security
Secure group key establishment revisited
International Journal of Information Security
Securing group key exchange against strong corruptions
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A non-malleable group key exchange protocol robust against active insiders
ISC'06 Proceedings of the 9th international conference on Information Security
Resource Fairness and Composability of Cryptographic Protocols
Journal of Cryptology
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Password-Based group key exchange in a constant number of rounds
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
New directions in cryptography
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedet group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damages: It can compute the session-key output with much lesser computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players. It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker. We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange, which yet bring some new perspectives to the literature of group and identity-based key-exchange. We then present some fixing approaches, and prove that the fixed protocols are computationally fair.