a security weakness in abdalla et al：在abdalla等人的安全弱点.’s generic construction of a group key exchange protocol.pdfVIP

Information Sciences 181 (2011) 234–238 Contents lists available at ScienceDirect Information Sciences journal homepage: www.else /locate/ins A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol Junghyun Nam a,⇑, Juryon Paik b, Dongho Won b a Department of Computer Science, Konkuk University, 322 Danwol-dong, Chungju-si, Chungcheongbuk-do 380-701, Republic of Korea b School of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Suwon-si, Gyeonggi-do 440-746, Republic of Korea a r t i c l e i n f o a b s t r a c t Article history: In TCC ’07, Abdalla et al. presented a protocol compiler that transforms any authenticated Received 22 April 2010 2-party key exchange protocol into an authenticated group key exchange (GKE) protocol. Received in revised form 8 September 2010 Abdalla et al.’s compiler is certainly elegant in its genericness, symmetry, simplicity and Accepted 9 September 2010 efficiency. However, this compiler is not as secure as claimed. Under a reasonable assump- tion, the GKE protocol constructed by the compiler (from a 2-party protocol) fails to achieve implicit key authentication. We here reveal this security problem with the compiler Keywords: and show how to address it. Cryptography 2010 Elsevier Inc. All rights reserved. Group