Server-Aided Password-Authenticated Key Exchange: From 3-Party to Group

Protocols for group key exchange are cryptographic algorithms that describe how a group of parties communicating over a public network can come up with a common secret key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been proposed over the years for a variety of settings. In this work, we present a new protocol for password-authenticated group key exchange in the model where the clients wishing to establish a common secret do not share any password between them but hold their individual password shared with a trusted server. This model is practical in that no matter how many different session keys for different groups a client wants to generate, he/she does not need to hold multiple passwords but only needs to remember a single password shared with the server. Our construction is generic. We assume a 3-party passwordauthenticated key exchange protocol and use it as a key component in building our password-authenticated GKE protocol. Our generic protocol requires no further long-term secrets than those used in the underlying 3-party protocol. This implies that if the given 3-party protocol is password-only authenticated, then our group key exchange protocol is password-only authenticated as well.