Research On Efficient Dynamic Group Key Agreement Protocol

Group key exchange allows a group of users to generate a shared secret key over insecure public channels, it has always been a very important research area in cryptography. And in dynamic group key exchange schemes, the members of a group are dynamically changing, thus the schemes should have algorithms to update the shared secret key when users join or leave the group. Owing to this property, dynamic group key exchange will come into wide use in large systems like distributed systems and cloud environment. So far the security model and security definitions of dynamic group key exchange have been proposed and widely accepted. Meanwhile, the performance of a dynamic group key exchange scheme is affected by many factors:the number of rounds, the computation cost, the number of transferred messages and the number of users affected in updating the shared key, etc. Besides, most key exchange schemes should be authenticated, every user can authenticate his partners. By the method of authentication, there are three kinds of authenticated key exchange schemes:certificate-based, identity-based and password-based.Following the latest research in this area, we propose an efficient constant-round identity-based dynamic authenticated group key exchange scheme based on the efficient pairing BD Ⅱ group key exchange scheme. Our scheme has a good organization structure of users, fewer users are needed to re-send messages to update the session key when someone joins or leaves the group, thus it is very applicable to the large systems with many users. On the other side, we give formal proof of the AKE security of our scheme in the Bresson security model under the Decisional Bilinear Diffie-Hellman assumption:a simulator can be constructed to solve the DBDH problem if there exists an adversary who can break our scheme. We also use identity-based signatures in our scheme to provide authentication between users, and we apply group ID and message number in our scheme to resist replay attacks. Compared to other group key exchage schemes, our scheme has more security features and is more efficient:the users need to transfer fewer messages to generate the shared key and the join/leave operation affects fewer users.