On Classifying Conference Key Distribution Protocols

In this paper, we examine a classification of conference key distribution protocols proposed in [4] and show that no known protocol satisfies the security requirements in class 4, the highest security class of this classification. We show two new attacks on protocols that were believed to belong to the highest security class and show that both protocols in fact belong to class 3. This motivates us to propose a refinement of this classification to allow separating protocols with different security properties while maintaining the classification framework.SCOPUS: cp.kinfo:eu-repo/semantics/publishe