Generic One Round Group Key Exchange in the Standard Model

Gorantla, M. Choudary; Boyd, Colin; Nieto, Juan Manuel González; Manulis, Mark

doi:10.1007/978-3-642-14423-3_1

Cited by 26 publications

(19 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, one sends an encrypted message (e.g., email) to more than one receiver. It could also be used for establish a session key (say following ) for a group of users to secure on‐line digital conference. Future works.…”

Section: Discussionmentioning

confidence: 99%

“…It is also well‐known that mKEM and mPKE can be transformed into each other from a theoretical point of view. On the other hand, mKEM as a fundamental primitive can also be used as a basis for other cryptographic systems, such as one‐round group key exchange where a generic one‐round group key exchange is built based on IND‐CCA2‐secure mKEM. In a nutshell, the mKEM could be used as an important building block to construct secure distributed applications.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On constructing practical multi‐recipient key‐encapsulation with short ciphertext and public key

Yang

2015

Security Comm Networks

View full text Add to dashboard Cite

In this paper, we introduce a novel multiple‐recipient key‐encapsulation mechanism (mKEM) scheme which takes as input multiple public keys and outputs a single key shared by corresponding recipients. We focus on seeking practical construction for mKEM with short ciphertext and public key. Our scheme is IND‐CCA2 secure without random oracles. The security is reduced to a new variant of square bilinear Diffie–Hellman assumption. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

On constructing practical multi‐recipient key‐encapsulation with short ciphertext and public key

Yang

2015

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…A multi-round GKA protocol poses a synchronism requirement on group members and it needs all group members to simultaneously stay online to complete the protocol. Several proposals (e.g., [8,18,30]) have been motivated to optimize round complexity in GKA protocols. Burmester and Desmedt [12] proposed a two-round n-party GKA protocol for n parties.…”

Section: Related Workmentioning

confidence: 99%

Bridging Broadcast Encryption and Group Key Agreement

Qin

Zhang

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but requires a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (CBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a CBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision n-Bilinear DiffieHellman Exponentiation (BDHE) assumption in the standard model. We also illustrate a variant in which the communication and computation complexity is sub-linear with the group size. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols.

show abstract

“…Many of these initial constructions are based on the random oracle or the ideal cipher model, while few constructions rely on standard assumptions (Abdalla et al, 2007;. Another interesting proposal is that of Gorantla et al (2010), which also focuses on achieving a security proof without idealized assumptions, but assumes long-term high-entropy secrets are available for authentication. Table 1 compares our construction with related previous ones, 1 in terms of theoretical assumption, communication complexity (number of rounds) and authentication method.…”

Section: Introductionmentioning

confidence: 99%

Password–Authenticated Group Key Establishment from Smooth Projective Hash Functions

Bohli

Vasco

Steinwandt

2019

International Journal of Applied Mathematics and Computer Science

View full text Add to dashboard Cite

Password-authenticated key exchange (PAKE) protocols allow users sharing a password to agree upon a high entropy secret. Thus, they can be implemented without complex infrastructures that typically involve public keys and certificates. In this paper, a provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. While prior constructions of the group (PAKE) can be found in the literature, most of them rely on idealized assumptions, which we do not make here. Furthermore, our protocol is quite efficient, as regardless of the number of involved participants it can be implemented with only three communication rounds. We use a (by now classical) trick of Burmester and Desmedt for deriving group key exchange protocols using a two-party construction as the main building block. In our case, the two-party PAKE used as a base is a one-round protocol by Katz and Vaikuntanathan, which in turn builds upon a special kind of smooth projective hash functions (KV-SPHFs). Smooth projective hash functions (SPHFs) were first introduced by Cramer and Shoup (2002) as a valuable cryptographic primitive for deriving provable secure encryption schemes. These functions and their variants proved useful in many other scenarios. We use here as a main tool a very strong type of SPHF, introduced by Katz and Vaikuntanathan for building a one-round password based two party key exchange protocol. As evidenced by Ben Hamouda et al. (2013), KV-SPHFs can be instantiated on Cramer-Shoup ciphertexts, thus yielding very efficient (and pairing free) constructions.

show abstract

Generic One Round Group Key Exchange in the Standard Model

Cited by 26 publications

References 27 publications

On constructing practical multi‐recipient key‐encapsulation with short ciphertext and public key

On constructing practical multi‐recipient key‐encapsulation with short ciphertext and public key

Bridging Broadcast Encryption and Group Key Agreement

Password–Authenticated Group Key Establishment from Smooth Projective Hash Functions

Contact Info

Product

Resources

About