International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Repairing Attacks on a Password-Based Group Key Agreement

Ratna Dutta
Rana Barua
Search ePrint
Search Google
Abstract: From designing point of view, it is not a trivial task to convert a group key agreement protocol into password-based setting where the members of the group share only a human-memorable weak password and the system may not have any secure public key infrastructure. Security analysis against dictionary attacks is on the other side of the coin. The low entropy of human memorable password may enable an adversary to mount off-line dictionary attacks if careful approaches are not taken in designing the protocol. Recently, Kim et al. proposed a very efficient provably secure group key agreement protocol KLL, security of which relies on the Computational Diffie-Hellman (CDH) assumption in the presence of random oracles. Dutta-Barua embed the protocol KLL into password-based environment -- yielding the protocol DB-PWD. Abdalla et al. detect certain flaws in the protocol DB-PWD. In this paper, we take suitable measures to overcome these attacks. We introduce a protocol MDB-PWD -- an improved variant of the protocol DB-PWD and analyze its security in the security framework formalized by Bellare et al. in both the ideal cipher model and the random oracle model under CDH assumption.
  title={Repairing Attacks on a Password-Based Group Key Agreement},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  note={ 13235 received 26 Mar 2006, last revised 26 Mar 2006, withdrawn 28 Mar 2006},
  author={Ratna Dutta and Rana Barua},