M. Burmester and Y. Desmedt, A Secure and E#cient Conference Key Distribution System. In Proceedings of Eurocrypt 1994, pp. 275-286, 1994  Home/Search   Document Not in Database   Summary   Related Articles   Check

....key exchange needs to implement. In Section 4, we describe the protocol AKE1 by splitting it down into functions. This helps us to implement the abstract interface. Finally, in Section 5 we show that the protocol AKE1 provably secure in the standard model. Related Work. Several papers [1, 10, 19, 14, 27] have extended the 2 party Die Hellman key exchange [13] to the multi party setting however a formal analysis has only been proposed recently. In [8, 7] we de ned a formal model for the authenticated (dynamic) group Die Hellman key exchange and proved secure protocols within this model. We use ....

M. Burmester and Y. G. Desmedt. A secure and ecient conference key distribution system. In Proc. of Eurocrypt '94, LNCS 950, pp. 275-286. Springer, 1995.

....round multi party key agreement protocol. This protocol is based on the existence of multi linear maps. Currently, no such suitable maps are known and it seems unlikely that such maps can even be found [4] The other protocol which requires less number of rounds is due to Burmester and Desmedt [5]. This is an unauthenticated protocol and requires two rounds. However, the computation complexity is higher and the total number of exponentiations required is around n . Also it is dicult to convert this protocol into an authenticated protocol. The authors indicate that zero knowledge proof ....

....more than those for unauthenticated version. B(n) is double that of for unauthenticated version. In addition, the authenticated version involves at most three elliptic curve (EC) addition per user per round. 6 Comparison R(n) B(n) E(n) GDH 2 [19] n 2 1 GDH 3 [19] n 1 3(n 1) 5n 6 BD [5] 2 2n n(n 1) TGDH [12] dlog 2 ne ndlog 2 ne ndlog 2 ne Our Protocol dlog 3 ne 1 Table 1 : Protocol Comparison (unauthenticated versions) Points to note for unauthenticated protocols : 1. The underlying group of GDH 2, GDH 3 and BD protocol is a multiplicative subgroups of Z ....

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In A. De Santis, editor, Advances in Cryptology EUROCRYPT '94, Workshop on the theory and Application of Cryptographic Techniques, LNCS 950, pages 275-286, Springer-Verlag, 1995.

....i.e. the protocol is asymmetric. In particular, for j = 3, t 1, M j sends v j = g v x j j 1 to M j 1 (where v 2 = y 1 ) and then computes S. The party M t simply waits v t 1 from M t 1 and then computes S = v x t t 1 . One notable recent result is due to Burmester and Desmedt [7]. They construct a very e#cient protocol (BD) which executes in only three rounds: 1. Each M i generates its random exponent x i and broadcasts z i = # . 2. Each M i computes and broadcasts W i = z i 1 z i 1 ) 3. Each M i can now compute the key S = z tx i i 1 i 1 W i 2 mod p ....

Mike Burmester and Yvo Desmedt, "A secure and e#cient conference key distribution system," in Advances in Cryptology -- EUROCRYPT '94, I.B. Damgard, Ed. 1994, Lecture Notes in Computer Science, Springer-Verlag, Berlin Germany, final version of proceedings.

....[17] a huge number of twoparty key agreement protocols have been proposed (see [6] and [30, Chapter 12.6] for surveys) This re ects the fundamental nature of key exchange as a cryptographic primitive. The situation where three or more parties share a secret key is often called conference keying [14], 30, Chapter 12.8] The three party (or tripartite) case is of most practical importance not only because it is the most common size for electronic conferences but because it can be used to provide a range of services for two parties communicating. For example, a third party can be added to 1 ....

M. Burmester and Y. Desmedt. A secure and ecient conference key distribution system. In A. De Santis, editor, Advances in Cryptology EUROCRYPT '94, Workshop on the Theory and Application of Cryptographic Techniques, volume 950 of Lecture Notes in Computer Science, pages 275{ 286. Springer-Verlag, 1995.

....can be regarded as equivalent to revealing the group key. 6.2. COMPLEXITY ANALYSIS This section compares the computation and communication of STR protocol to other recent group key agreement methods, Cliques GDH.2 [STW00] Tree Based Die Hellman (TGDH) KPT00] and Burmester Desmedt (BD) BD94] These protocols provide contributory group key agreement based on di erent extensions of the two party Die Hellman key exchange. Moreover, they all support dynamic membership operations. We consider the following costs: Number of rounds: this a ects serial communication delay. Total number of ....

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In EUROCRYPT94, 1994.

....# # ## # # # # # #### # # STRiswell suited for adding new group members as it takes only two rounds and two modular exponentiations. Member exclusion, however, is relatively dicult (for example, consider excluding ## from the group key) A more recent result is due to Burmester and Desmedt[6]. They construct an ecient protocol which takes only three rounds and two modular exponentiations per member to generate a group key. This eciency allows all members to re compute the group key for anymembership change by performing this protocol. However, according to [16] most (at least half) ....

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In ###########, pages 275-286. LNCS 950, 1994.

....N 3 ( N 2 N 1 ) STR is well suited for adding new group members as it takes only two rounds and two modular exponentiations. Member exclusion, however, is relatively dicult (for example, consider excluding N1 from the group key) A more recent result is due to Burmester and Desmedt[6]. They construct an ecient protocol which takes only three rounds and two modular exponentiations per member to generate a group key. This eciency allows all members to re compute the group key for any membership change by performing this protocol. However, according to [16] most (at least half) ....

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In EUROCRYPT94, pages 275-286. LNCS 950, 1994.

....conferences, remote consultation and diagnosis systems for medical applications, contract negotiation, multi party games, collaborative work places, electronic commerce environments such as online real time auctions, and information dissemination of stock quotes. Most currently proposed protocols [2, 10, 16, 17, 3, 8, 1] use a dedicated server or group controller, which results in simpler protocols, but at the cost of requiring members to trust the server. However, a central server or group controller incurs management overhead and is a central point of failure. Conversely, in an autonomous group, if a member ....

....which does not necessarily have an impact on the security of the key. Conversely, an insecure GKAP might leak a secret key and violate key authentication, while providing key integrity. Previous work Previous work in secure group key communication protocols mainly focused on server based systems [2, 10, 16, 17, 3, 8]. Early work on server based schemes uses a central server, which shares a secret key with each member and uses unicast and encryption to communicate new keys securely with each member individually [7, 10] To achieve scalability Mittra proposes a server hierarchy [10] Wallner et al. propose a ....

[Article contains additional citation context not shown here]

Mike Burmester and Yvo Desmedt. A Secure and Ecient Conference Key Distribution System. In Alfredo De Santis, editor, EUROCRYPT94, pages 275-286. LNCS 950, 1994.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. De Santis, editor, Advances in Cryptology - Eurocrypt '94, Lecture Notes in Computer Science 950, pages 275--286, Springer, Berlin, 1995.

No context found.

M. Burmester and Y. Desmedt, A Secure and E#cient Conference Key Distribution System. In Proceedings of Eurocrypt 1994, pp. 275-286, 1994

No context found.

M. Burmester and Y. Desmedt. A Secure and E#cient Conference Key Distribution System. In Advances in Cryptology -- EUROCRYPT'94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer, May 1994. 5, 6, 7, 8, 9

No context found.

M. Burmester and Y. Desmedt. A Secure and E#cient Conference Key Distribution System. In Advances in Cryptology -- EUROCRYPT'94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer, May 1994. 8, 10, 22

No context found.

Mike Burmester and Yvo Desmedt. A Secure and E#cient Conference Key Distribution System. In Alfredo De Santis, editor, Advances in Cryptology -- EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer, 1995.

No context found.

Burmester, M. and Desmedt, Y. 1994. A secure and e#cient conference key distribution system. In Eurocrypt 94.

No context found.

Mike Burmester and Yvo Desmedt. A Secure and E#cient Conference Key Distribution System. In Alfredo De Santis, editor, Advances in Cryptology --- EUROCRYPT'94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer, 1995.

No context found.

M. Burmester and Y. Desmedt. A Secure and E#cient Conference Key Distribution System. In proceedings of Eurocrypt 1994.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. D. Santis, editor, Advances in Cryptology--- EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer-Verlag, 1994.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. EUROCRYPT 1994.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. D. Santis, editor, Pre--Proceedings of Eurocrypt '94, pages 279--290, 1994.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. D. Santis, editor, Advances in Cryptology--- EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer-Verlag, 1994.

No context found.

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In A. De Santis, editor, Advances in Cryptology EUROCRYPT '94, Workshop on the theory and Application of Cryptographic Techniques, LNCS 950, pages 275-286, Springer-Verlag, 1995. 16

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. EUROCRYP'94, LNCS(950):275--286, 1994.

No context found.

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In A. De Santis, editor, Advances in Cryptology EUROCRYPT '94, Workshop on the theory and Application of Cryptographic Techniques, LNCS 950, pages 275-286, Springer-Verlag, 1995.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. D. Santis, editor, Advances in Cryptology--- EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 275--286. Springer-Verlag, 1994.

No context found.

M. Burmester and Y. Desmedt, "A secure and e#cient conference key distribution system," Advances in Cryptology -- EUROCRYPT'94, May 1994.

No context found.

Mike Burmester and Yvo Desmedt. A secure and ecient conference key distribution system. In Advances in Cryptology - EUROCRYPT '94, volume 950 of LNCS, pages 275286, Perugia, Italy, May 1994. Springer.

No context found.

Mike Burmester and Yvo Desmedt. A secure and e#cient conference key distribution system. In Advances in Cryptology -- Eurocrypt'94, pages 275--286. SpringerVerlag, 1995.

No context found.

M. Burmester and Y. Desmedt. A Secure and E#cient Conference Key Distribution System. Eurocrypt '94.

No context found.

M. Burmester and Y. Desmedt. A Secure and Ecient Conference Key Distribution System. In A. De Santis, editor, Advances in Cryptology EUROCRYPT '94, Workshop on the theory and Application of Cryptographic Techniques, LNCS 950, pages 275-286, Springer-Verlag, 1995.

No context found.

M. Burmester and Y. Desmedt. A Secure and E#cient Conference Key Distribution System. In Proc of Eurocrypt' 94, vol. 950 of LNCS, pages 275--286. Springer, 1995.

No context found.

M. Burmester and Y. Desmedt. A secure and e#cient conference key distribution system. In A. De Santis, editor, Proceedings of Eurocrypt'94, pages 275--286, Perugia, Italy, 1994. Springer-Verlag - LNCS Vol. 950.

No context found.

Mike Burmester and Yvo Desmedt. A secure and ecient conference key distribution system. In A. De Santis, editor, Advances in Cryptology: Proceedings of EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 275-286. Springer-Verlag, Berlin Germany, 1995.

No context found.

M. Burmester and Y. G. Desmedt. A secure and e#cient conference key distribution system. In Proc. of Eurocrypt '94, LNCS 950, pp. 275--286. Springer, 1995.

No context found.

M. Burmester and Y. G. Desmedt. A secure and e#cient conference key distribution system. In Proc. of Eurocrypt '94, LNCS 950, pp. 275--286. Springer, 1995. [3]

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC