Related Work. Many GKA protocols [5, 11, 7, 4, 6, 3] have been pro- posed in literature, most being derived from the two-party Diffie-Xxxxxxx (DH) key agreement protocol. While some are secure against passive adversaries only, others do not have a rigorous security proof. A security proof typically involves showing that an attack on a protocol can be used to solve a well-known hard problem under some standard assumptions. Provably secure protocols in a well-defined model of security were first provided by Xxxxxxx et al. [4]. Their security model extended the earlier work of Xxxxxxx et al. [ 1]. The number of rounds in these protocols is linear in the number of participants, thus making them unsuitable for large ad hoc networks. − Xxxx et al. [6] proposed the first provably-secure con- stant round GKA protocol inspired from the works of Xxxxxxxxx et al. [5]. In the same work, they also pro- posed a scalable “compiler” to transform a GKA protocol, secure against a passive adversary, into one which is secure against an active adversary. But one round in their proto- col consists of 1 broadcast and n 1 simultaneous receives by each user. Achieving this is not possible in most net- works. Also it lacks procedures to handle group dynamism. Xxxx et al. [3] proposed an efficient constant round pro- tocol where the bulk of the computation is done by one participant, thus making it efficient for heterogeneous ad hoc networks. It is provably secure in the Random Oracle model [1] but lacks perfect forward secrecy (i.e., compro- mise of long-term key compromises all past session1 keys). We propose a provably secure and efficient protocol which 1A session refers to one instance of GKA protocol execution in some group. Protocol Expo per Ui (Max Expo) Rounds (Messages) PS [11] 3 (m) m +1 (2m − 3) No [7] log2 m +1 log2 m (m) No [4] i +1 m (m) Yes [6] 3 2y (2m) Yes [9] 2 (2myy) 2y (m) Yes Ours 2 (m) 2y (m) Yes
Appears in 2 contracts
Samples: Research Paper, Research Paper
Related Work. Many GKA protocols [5, 11, 7, 4, 6, 3] have been pro- posed in literature, most being derived from the two-party DiffieXxxxxx-Xxxxxxx (DH) key agreement protocol. While some are secure against passive adversaries only, others do not have a rigorous security proof. A security proof typically involves showing that an attack on a protocol can be used to solve a well-known hard problem under some standard assumptions. Provably secure protocols in a well-defined defined model of security were first first provided by Xxxxxxx et al. [4]. Their security model extended the earlier work of Xxxxxxx Bellare et al. [
1]. The number of rounds in these protocols is linear in the number of participants, thus making them unsuitable for large ad hoc networks. − Xxxx et al. [6] proposed the first first provably-secure con- stant round GKA protocol inspired from the works of Xxxxxxxxx et al. [5]. In the same work, they also pro- posed a scalable “compiler” to transform a GKA protocol, secure against a passive adversary, into one which is secure against an active adversary. But one round in their proto- col consists of 1 broadcast and n 1 simultaneous receives by each user. Achieving this is not possible in most net- works. Also it lacks procedures to handle group dynamism. Xxxx et al. [3] proposed an efficient efficient constant round pro- tocol where the bulk of the computation is done by one participant, thus making it efficient efficient for heterogeneous ad hoc networks. It is provably secure in the Random Oracle model [1] but lacks perfect forward secrecy (i.e., compro- mise of long-term key compromises all past session1 keys). We propose a provably secure and efficient efficient protocol which 1A session refers to one instance of GKA protocol execution in some group. Protocol Expo per Ui (Max Expo) Rounds (Messages) PS [11] 3 (m) m +1 (2m − 3) No [7] log2 m +1 log2 m (m) No [4] i +1 m (m) Yes [6] 3 2y 2٨ (2m) Yes [9] 2 (2myy2m٨٨) 2y 2٨ (m) Yes Ours 2 (m) 2y 2٨ (m) YesYes m: Number of participants
Appears in 2 contracts
Samples: Research Paper, Group Key Agreement Protocol
Related Work. Many GKA protocols [5, 11, 7, 4, 6, 3] have been pro- posed in literature, most being derived from the two-party DiffieXxxxxx-Xxxxxxx (DH) key agreement protocol. While some are secure against passive adversaries only, others do not have a rigorous security proof. A security proof typically involves showing that an attack on a protocol can be used to solve a well-known hard problem under some standard assumptions. Provably secure protocols in a well-defined defined model of security were first first provided by Xxxxxxx Bresson et al. [4]. Their security model extended the earlier work of Xxxxxxx et al. [
1]. The number of rounds in these protocols is linear in the number of participants, thus making them unsuitable for large ad hoc networks. − Xxxx Yung et al. [6] proposed the first first provably-secure con- stant round GKA protocol inspired from the works of Xxxxxxxxx et al. [5]. In the same work, they also pro- posed a scalable “compiler” to transform a GKA protocol, secure against a passive adversary, into one which is secure against an active adversary. But one round in their proto- col consists of 1 broadcast and n 1 simultaneous receives by each user. Achieving this is not possible in most net- works. Also it lacks procedures to handle group dynamism. Xxxx et al. [3] proposed an efficient efficient constant round pro- tocol where the bulk of the computation is done by one participant, thus making it efficient efficient for heterogeneous ad hoc networks. It is provably secure in the Random Oracle model [1] but lacks perfect forward secrecy (i.e., compro- mise of long-term key compromises all past session1 keys). We propose a provably secure and efficient efficient protocol which 1A session refers to one instance of GKA protocol execution in some group. Protocol Expo per Ui (Max Expo) Rounds (Messages) PS [11] 3 (m) m +1 + 1 (2m − 3) No [7] log2 m +1 + 1 log2 m (m) No [4] i +1 + 1 m (m) Yes [6] 3 2y (2m) Yes [9] 2 (2myy) 2y (m) Yes Ours 2 (m) 2y (m) Yes
Appears in 1 contract
Samples: Group Key Agreement Protocol
Related Work. Many GKA protocols [5, 11, 7, 4, 6, 3] have been pro- posed in literature, most being derived from the two-party DiffieXxxxx-Xxxxxxx (DH) key agreement protocol. While some are secure against passive adversaries only, others do not have a rigorous security proof. A security proof typically involves showing that an attack on a protocol can be used to solve a well-known hard problem under some standard assumptions. Provably secure protocols in a well-defined model of security were first provided by Xxxxxxx Bresson et al. [4]. Their security model extended the earlier work of Xxxxxxx et al. [
1]. The number of rounds in these protocols is linear in the number of participants, thus making them unsuitable for large ad hoc networks. − Xxxx Yung et al. [6] proposed the first provably-secure con- stant round GKA protocol inspired from the works of Xxxxxxxxx et al. [5]. In the same work, they also pro- posed a scalable “compiler” to transform a GKA protocol, secure against a passive adversary, into one which is secure against an active adversary. But one round in their proto- col consists of 1 broadcast and n 1 simultaneous receives by each user. Achieving this is not possible in most net- works. Also it lacks procedures to handle group dynamism. Xxxx et al. [3] proposed an efficient constant round pro- tocol where the bulk of the computation is done by one participant, thus making it efficient for heterogeneous ad hoc networks. It is provably secure in the Random Oracle model [1] but lacks perfect forward secrecy (i.e., compro- mise of long-term key compromises all past session1 keys). We propose a provably secure and efficient protocol which 1A session refers to one instance of GKA protocol execution in some group. Protocol Expo per Ui (Max Expo) Rounds (Messages) PS [11] 3 (m) m +1 (2m − 3) No [7] log2 m +1 log2 m (m) No [4] i +1 m (m) Yes [6] 3 2y (2m) Yes [9] 2 (2myy) 2y (m) Yes Ours 2 (m) 2y (m) Yes
Appears in 1 contract
Samples: Group Key Agreement Protocol
Related Work. Many GKA protocols [5, 11, 7, 4, 6, 3] have been pro- posed in literature, most being derived from the two-party DiffieXxxxxx-Xxxxxxx (DH) key agreement protocol. While some are secure against passive adversaries only, others do not have a rigorous security proof. A security proof typically involves showing that an attack on a protocol can be used to solve a well-known hard problem under some standard assumptions. Provably secure protocols in a well-defined defined model of security were first first provided by Xxxxxxx et al. [4]. Their security model extended the earlier work of Xxxxxxx et al. [
1]. The number of rounds in these protocols is linear in the number of participants, thus making them unsuitable for large ad hoc networks. − Xxxx et al. [6] proposed the first first provably-secure con- stant round GKA protocol inspired from the works of Xxxxxxxxx et al. [5]. In the same work, they also pro- posed a scalable “compiler” to transform a GKA protocol, secure against a passive adversary, into one which is secure against an active adversary. But one round in their proto- col consists of 1 broadcast and n 1 simultaneous receives by each user. Achieving this is not possible in most net- works. Also it lacks procedures to handle group dynamism. Xxxx et al. [3] proposed an efficient efficient constant round pro- tocol where the bulk of the computation is done by one participant, thus making it efficient efficient for heterogeneous ad hoc networks. It is provably secure in the Random Oracle model [1] but lacks perfect forward secrecy (i.e., compro- mise of long-term key compromises all past session1 keys). We propose a provably secure and efficient efficient protocol which 1A session refers to one instance of GKA protocol execution in some group. Protocol Expo per Ui (Max Expo) Rounds (Messages) PS [11] 3 (m) m +1 (2m − 3) No [7] log2 m +1 log2 m (m) No [4] i +1 m (m) Yes [6] 3 2y 2٨ (2m) Yes [9] 2 (2myy2m٨٨) 2y 2٨ (m) Yes Ours 2 (m) 2y 2٨ (m) YesYes m: Number of participants
Appears in 1 contract
Samples: Research Paper