Exposure-Resilient Identity-Based Dynamic Multi-Cast Key Distribution


IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E101-A   No.6   pp.929-944
Publication Date: 2018/06/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E101.A.929
Type of Manuscript: PAPER
Category: Cryptography and Information Security
multi-cast key distribution,  ID-based cryptography,  exposure resilience,  scalability,  

Full Text: PDF(1.3MB)>>
Buy this Article

In this paper, we propose the first identity-based dynamic multi-cast key distribution (ID-DMKD) protocol which is secure against maximum exposure of secret information (e.g., secret keys and session-specific randomness). In DMKD protocols, users share a common session key without revealing any information of the session key to the semi-honest server, and can join/leave to/from the group at any time even after establishing the session key. Most of the known DMKD protocols are insecure if some secret information is exposed. Recently, an exposure resilient DMKD protocol was introduced, however, each user must manage his/her certificate by using the public-key infrastructure. We solve this problem by constructing the DMKD protocol authenticated by user's ID (i.e., without certificate). We introduce a formal security definition for ID-DMKD by extending the previous definition for DMKD. We must carefully consider exposure of the server's static secret key in the ID-DMKD setting because exposure of the server's static secret key causes exposure of all users' static secret keys. We prove that our protocol is secure in our security model in the standard model. Another advantage of our protocol is scalability: communication and computation costs of each user are independent from the number of users. Furthermore, we show how to extend our protocol to achieve non-interactive join by using certificateless encryption. Such an extension is useful in applications that the group members frequently change like group chat services.