A secure fault-tolerant conference-key agreement protocol

When a group of people want to communicate securely over an open network, they run a conference-key protocol to establish a common conference key K such that all their communications thereafter are encrypted with the key K. In this paper, we propose a provably secure fault-tolerant conference-key agreement protocol under the authenticated broadcast channel model. We show that a passive adversary gets zero knowledge about the conference key established by the honest participants under the assumption of a variant Diffie-Hellman decision problem. We also show that the honest participants can agree on a common conference key no matter how many participants are malicious. Furthermore, we show that even if the broadcast channel is not authenticated, our protocol is secure against impersonators under the random oracle model.