Unconditionally Secure Conference Key Distribution: Security Notions, Bounds and Constructions

Abstract: A conference key distribution is a protocol that allows designated subset of users to calculate a shared private key. We consider unconditionally secure conference key distribution systems where the adversary has unlimited computational power, and focuses on a stronger and more realistic adversary model, proposed by Safavi-Naini and Jiang, in which the adversary in addition to corrupting subsets of users and obtaining their private keys, can access the conference keys of a number of uncorrupted conferences. We… Show more

“…If a group is updated, then the group key changes to the shared key of the new group. The drawback of KPS is that the user key size is combinatorially large [12], [36] in the total number of users (if the system is unconditionally secure). Another drawback is that the group key of a given group can not be changed even if it is leaked unexpectedly (e.g., cryptanalysis of ciphertexts bearing this key).…”

“…Unconditionally secure (interactive) key agreement has been considered in [3], [10], [12], [36]. Beimel and Chor [3] showed that the user key in this setting must be taken from a domain of size at least |S| τ , where S is the domain of the group key and τ is the maximum number of key agreements.…”

Group Key Agreement with Local Connectivity

“…If a group is updated, then the group key changes to the shared key of the new group. The drawback of KPS is that the user key size is combinatorially large [12], [36] in the total number of users (if the system is unconditionally secure). Another drawback is that the group key of a given group can not be changed even if it is leaked unexpectedly (e.g., cryptanalysis of ciphertexts bearing this key).…”

“…Unconditionally secure (interactive) key agreement has been considered in [3], [10], [12], [36]. Beimel and Chor [3] showed that the user key in this setting must be taken from a domain of size at least |S| τ , where S is the domain of the group key and τ is the maximum number of key agreements.…”

Group Key Agreement with Local Connectivity

Unconditionally Secure Broadcast Encryption Schemes with Trade-Offs between Communication and Storage