Two Formal Views of Authenticated Group Diffie-Hellman Key Exchange

With the advance of multicast communication infrastructures several works address the task of sharing a session key among a group of users. Some of theses works extend the Diffie-Hellman protocol to the multi-party setting but can not by lack of adequate formal models provide stringent arguments to support the security of their protocols. Fortunately, formal models and formal treatments have recently been carried out by both the cryptographic community and the formalmethod community. In this talk we present our two approaches and our results in each model. This talk is also a first step toward filling out the gap between two “views” of the authenticated group Diffie-Hellman key exchange. The first theoretical concepts of public-key cryptography go back to Diffie and Hellman in 1976 [10] and the first public-key cryptosystem only two years later to Rivest, Shamir and Adleman [23]. In their seminal paper New Directions in Cryptography, Diffie and Hellman provided a method whereby two principals communicating over an insecure network can agree on a secret value, i.e. a value that a computationally bounded adversary can not recover by eavesdropping on flows exchanged between the two principals. Nowadays with the advance of multicast communication infrastructures [2, 8, 13] come the need to extend this method to allow a pool of principals to agree on a secret value. We refer to this extension as the group DiffieHellman protocol [24]. In their original publication, the Diffie-Hellman protocol and the group Diffie-Hellman protocol were designed to protect against a (passive) adver-