ACAC Seminar Abstract

ACAC Seminar Abstract

ACAC Seminars

ACAC Seminar Abstract

Fully Robust Group Key Exchange in the Presence of Opening Attacks

Speaker: Mark Manulis
Date, Time: Fri, 11 Jul 2008 15:00

Recent developments in research on group key exchange (GKE) protocols include separation between outsider and insider attacks, refinements of corruption models, and design of protocols that achieve robustness (fault-tolerance): Outsider security ensures secrecy of group keys computed by honest users whereas insider security prevents dishonest users from biasing the correct execution of the protocol; strong corruptions and their refinements allow for sophisticated attacks by which the adversary inspects internal states of users (and gains access to the ephemeral secrets stored there - \emph{opening attacks}); robustness ensures the correct execution of a GKE protocol despite of possible network faults and system crashes, this in addition to the malicious user behavior.

Available GKE protocols do not ensure simultaneously \emph{strong} security against outsider and insider attacks and successful completeness of the protocol in the presence of system faults. In my talk I show how to obtain a \emph{fully robust} protocol resistant to outsider attacks in the strong corruption model refined by opening attacks (under standard assumptions), and how to extend it to achieve the additional security against insider attacks (under the assumptions on random oracles).

The invented protocols are based on a reliable but unauthenticated broadcast channel with weak synchronization and the insider security is achieved through a novel technique which applies non-interactive zero-knowledge proofs for double discrete logarithms to the classical Tree Diffie-Hellman setting after its extension towards fault-tolerance via "tree replication".

Note: This is a very recent, joint work with Emmanuel Bresson (DCSSI Crypto Lab, Paris, France), and Timo Brecher and Jörg Schwenk (Horst-Görtz Institute for IT-Security, Bochum, Germany)

Back to the top of this page