Abstract

A group key agreement protocol provides a set of users with a shared secret key to achieve cryptographic goals. When membership changes, the group session key should be updated efficiently and securely. Hence, dynamic group key agreement protocols are of practical significance. Identity-based group key agreement protocols are preferred to certificate-based ones, since identity-based protocols can simplify the public key management procedure. Most previous dynamic group key agreement protocols need at least two rounds to establish or refresh group session keys. In this paper, an identity-based dynamic authenticated group key agreement (DAGKA) protocol is presented. It is round-optimal, since: 1) in the setup and join algorithms, only one round of communication is required; 2) in the leave algorithm, there is no message exchange among group members. Joining members cannot compute previous session keys, and leaving members cannot compute subsequent session keys. The protocol is provably secure. Its AKE-security is proved under the decisional bilinear Diffie-Hellman (DBDH) assumption. In addition, the protocol resists key control attacks and achieves forward security.
