At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to en-crypt in such a way that the receiver can be traced by an authority having additional information. This paper shows that the proposed scheme does not have the required properties, by devising three non-speciied protocols misleading the authority. We also discuss how to repair Desmedt's scheme, such that our attacks are n...

The paper considers the problem of distributed key generation for shared-control RSA schemes. In particular: how can two parties generate a shared RSA key in such a way that neither party can cheat? The answer to this question would have signi cant applications to, for example, key escrow systems. Cocks has recently proposed protocols to solve this problem in the case when both parties act hone...

Secure group communication is an increasingly popular research area having received much attention in the last several years. The fundamental challenge revolves around secure and efficient group key management. While centralized methods are often appropriate for key distribution in large groups, many collaborative group settings require distributed key agreement techniques. This work investigat...

Confidentiality, integrity and authentication are more relevant issues in Ad hoc networks than in wired fixed networks. One way to address these issues is the use of symmetric key cryptography, relying on a secret key shared by all members of the network. But establishing and maintaining such a key (also called the session key) is a non-trivial problem. We show that Group Key Agreement (GKA) pr...

Recently, LaMacchia, Lauter and Mityagin proposed the extended Canetti-Krawczyk (eCK) model for Authenticated Key Exchange (AKE) protocols that covers many attacks on existing models. An ID-based AKE protocol with Perfect Forward Secrecy (PFS) (respectively Master Perfect Forward Secrecy (MPFS)) ensures that revelation of the static keys of the parties (respectively the master secret key of the...

We introduce a formal model for certificateless authenticated key exchange (CL-AKE) protocols. Contrary to what might be expected, we show that the natural combination of an ID-based AKE protocol with a public key based AKE protocol cannot provide strong security. We provide the first one-round CL-AKE scheme proven secure in the random oracle model. We introduce two variants of the Diffie-Hellm...

Group Key Establishment is fundamental for a variety of security mechanisms in group applications. It allows n ≥ 2 principals to agree upon a common secret key. This can further be classified into Group Key Exchange (or Group Key Agreement), where all the principals participate in the construction of the key, and Group Key Transport (or Group Key Distribution), where the key is chosen by a sing...

This paper analyzes the Logical Key Hierarchy (LKH) secure multicast protocol focusing on the reliability of the re-keying authentication process. We show that the key management in the LKH model is subject to some attacks. In particular, these attacks can be performed by entities external to the multicast group, as well as from internal users of the multicast group. The spectrum of these attac...

We introduce the notion of public key encryption with secure leasing (PKE-SKL). Our supports decryption keys so that a leased achieves functionality but comes guarantee if quantum returned by user passes validity test, then has lost ability to decrypt. is similar in spirit software (SSL) introduced Ananth and La Placa (Eurocrypt 2021) captures significantly more general adversarial strategies. ...