A Universally Composable Group Key Exchange Protocol with Minimum Communication Effort.
ABSTRACT: The universal composability (UC) framework by Canetti is a general-purpose framework for designing secure protocols.
It ensures the security of UC-secure protocols under arbitrary compositions. As key exchange protocols (KEs) are among the
most widely used cryptographic mechanisms, some research has been done on UC-secure 2-party KEs. However, the only result regarding
UC-secure group key exchange protocols (GKEs) is a generic method presented by Katz and Shin. It allows turning any GKE
protocol that fulfills certain security requirements into a UC-secure variant. This yields GKE protocols which require at
least five communication rounds in practice when no session identities are provided by external mechanisms. Up to now, no
effort has been made to design dedicated UC-secure GKE protocols with a lower communication complexity.
In this paper, we propose a new UC-secure GKE which needs only two rounds. We show that two is the minimum possible number
of rounds and that any 2-round UC-secure GKE requires at least as many messages as our protocol. The proof of security relies
on a new assumption which is a combination of the decision bilinear Diffie-Hellman assumption and the linear Diffie-Hellman
- Available from: Jean-Jacques Quisquater
ABSTRACT: Group Diffie-Hellman protocols for Authenticated Key Exchange (AKE) are designed to provide a pool of players with a shared secret key which may later be used, for example, to achieve multicast message integrity. Over the years, several schemes have been offered. However, no formal treatment for this cryptographic problem has ever been suggested. In this paper, we present a security model for this problem and use it to precisely define AKE (with "implicit" authentication) as the fundamental goal, and the entity-authentication goal as well. We then define in this model the execution of an authenticated group Diffie-Hellman scheme and prove its security. 07/2002
- ABSTRACT: We present a formalism for the analysis of key-exchange protocols that combines previous 06/2001
Chapter: Short Group Signatures
ABSTRACT: We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi. 12/2004: pages 227-242