On Efficient Key Agreement Protocols

A class of efficient key agreement protocols proposed by Boyd is examined. An attack is demonstrated on a round-optimal example protocol of this class, and a simple countermeasure is suggested. The whole class is known to be vulnerable to an attack proposed by Bauer, Berson and Feiertag. A new class of key agreement protocols without this vulnerability but having the same advantages in efficiency is identified, and a number of concrete protocols are suggested

Key Agreement for Large-Scale Dynamic Peer Group

Many applications in distributed computing systems,such as IP telephony, teleconferencing, collaborative workspaces,interactive chats and multi-user games, involve dynamic peergroups. In order to secure communications in dynamic peergroups, group key agreement protocols are needed. In this paper,we come up with a new group key agreement protocol, composedof a basic protocol and a dynamic protocol, for large-scaledynamic peer groups. Our protocols are natural extensions ofone round tripartite Diffie-Hellman key agreement protocol. Inview of it, our protocols are believed to be more efficient thanthose group key agreement protocols built on two-party Diffie-Hellman key agreement protocol. In addition, our protocols havethe properties of group key secrecy, forward and backwardsecrecy, and key independence

Communication-efficient three-party protocols for authentication and key agreement

AbstractEncrypted key exchange (EKE) authentication approaches are very important for secure communicating over public networks. In order to solve the security weaknesses three-party EKE, Yeh et al. [H.T. Yeh, H.M. Sun, T. Hwang, Efficient three-party authentication and key agreement protocols resistant to password guessing attacks, Information Science and Engineering 19 (6) (2003) 1059–1070.] proposed two secure and efficient three-party EKE protocols. Based on the protocol developed by Yeh et al., two improved EKE protocols for authentication and key agreement are proposed in this study. The computational costs of the proposed protocols are the same as those of the protocols of Yeh et al. However, the numbers of messages in the communication are fewer than those of the protocols of Yeh et al. Furthermore, the round efficient versions of our proposed protocols are also described

Separating Key Agreement and Computational Differential Privacy

Two party differential privacy allows two parties who do not trust each other, to come together and perform a joint analysis on their data whilst maintaining individual-level privacy. We show that any efficient, computationally differentially private protocol that has black-box access to key agreement (and nothing stronger), is also an efficient, information-theoretically differentially private protocol. In other words, the existence of efficient key agreement protocols is insufficient for efficient, computationally differentially private protocols. In doing so, we make progress in answering an open question posed by Vadhan about the minimal computational assumption needed for computational differential privacy. Combined with the information-theoretic lower bound due to McGregor, Mironov, Pitassi, Reingold, Talwar, and Vadhan in [FOCS'10], we show that there is no fully black-box reduction from efficient, computationally differentially private protocols for computing the Hamming distance (or equivalently inner product over the integers) on $n$ bits, with additive error lower than $O\left(\frac{\sqrt{n}}{e^{\epsilon}\log(n)}\right)$, to key agreement. This complements the result by Haitner, Mazor, Silbak, and Tsfadia in [STOC'22], which showed that computing the Hamming distance implies key agreement. We conclude that key agreement is \emph{strictly} weaker than computational differential privacy for computing the inner product, thereby answering their open question on whether key agreement is sufficient

Secure Anonymous Conferencing in Quantum Networks

Users of quantum networks can securely communicate via so-called (quantum) conference key agreement—making their identities publicly known. In certain circumstances, however, communicating users demand anonymity. Here, we introduce a security framework for anonymous conference key agreement with different levels of anonymity, which is inspired by the ε-security of quantum key distribution. We present efficient and noise-tolerant protocols exploiting multipartite Greenberger-Horne-Zeilinger (GHZ) states and prove their security in the finite-key regime. We analyze the performance of our protocols in noisy and lossy quantum networks and compare with protocols that only use bipartite entanglement to achieve the same functionalities. Our simulations show that GHZ-based protocols can outperform protocols based on bipartite entanglement and that the advantage increases for protocols with stronger anonymity requirements. Our results strongly advocate the use of multipartite entanglement for cryptographic tasks involving several users

Secure Anonymous Conferencing in Quantum Networks

Users of quantum networks can securely communicate via so-called (quantum) conference key agreement—making their identities publicly known. In certain circumstances, however, communicating users demand anonymity. Here, we introduce a security framework for anonymous conference key agreement with different levels of anonymity, which is inspired by the ε-security of quantum key distribution. We present efficient and noise-tolerant protocols exploiting multipartite Greenberger-Horne-Zeilinger (GHZ) states and prove their security in the finite-key regime. We analyze the performance of our protocols in noisy and lossy quantum networks and compare with protocols that only use bipartite entanglement to achieve the same functionalities. Our simulations show that GHZ-based protocols can outperform protocols based on bipartite entanglement and that the advantage increases for protocols with stronger anonymity requirements. Our results strongly advocate the use of multipartite entanglement for cryptographic tasks involving several users

Unifying classical and quantum key distillation

Assume that two distant parties, Alice and Bob, as well as an adversary, Eve, have access to (quantum) systems prepared jointly according to a tripartite state. In addition, Alice and Bob can use local operations and authenticated public classical communication. Their goal is to establish a key which is unknown to Eve. We initiate the study of this scenario as a unification of two standard scenarios: (i) key distillation (agreement) from classical correlations and (ii) key distillation from pure tripartite quantum states. Firstly, we obtain generalisations of fundamental results related to scenarios (i) and (ii), including upper bounds on the key rate. Moreover, based on an embedding of classical distributions into quantum states, we are able to find new connections between protocols and quantities in the standard scenarios (i) and (ii). Secondly, we study specific properties of key distillation protocols. In particular, we show that every protocol that makes use of pre-shared key can be transformed into an equally efficient protocol which needs no pre-shared key. This result is of practical significance as it applies to quantum key distribution (QKD) protocols, but it also implies that the key rate cannot be locked with information on Eve's side. Finally, we exhibit an arbitrarily large separation between the key rate in the standard setting where Eve is equipped with quantum memory and the key rate in a setting where Eve is only given classical memory. This shows that assumptions on the nature of Eve's memory are important in order to determine the correct security threshold in QKD.Comment: full versio