Scalabale Authenticated Group Key Exchange
Johnathan Katz and Moti Yung have published a paper[1] in the Journal of Cryptology detailing a scalable solution to the problem of authenticated group key exchange on an insecure public network.
[1] Katz, J., Yung, M. Scalable Protocols for Authenticated Group Key Exchange. Journal of Cryptology, 20:1, 2007, pp. 85-113.
Abstract:
Abstract. We consider the problem of authenticated group key exchange among n
parties communicating over an insecure public network. A number of solutions to this
problem have been proposed; however, all prior provably secure solutions do not scale
well and, in particular, require O(n) rounds. Our main contribution is the first scalable
protocol for this problem along with a rigorous proof of security in the standard model
under the DDH assumption; our protocol uses a constant number of rounds and requires
only O(1) “full” modular exponentiations per user. Toward this goal (and adapting
work of Bellare, Canetti, and Krawczyk), we first present an efficient compiler that
transforms any group key-exchange protocol secure against a passive eavesdropper to
an authenticated protocol which is secure against an active adversary who controls all
communication in the network. This compiler adds only one round and O(1) communication
(per user) to the original scheme. We then prove secure—against a passive
adversary—a variant of the two-round group key-exchange protocol of Burmester and
Desmedt. Applying our compiler to this protocol results in a provably secure threeround
protocol for authenticated group key exchange which also achieves forward
secrecy.