n PAKE+: A Tree-Based Group Password-Authenticated Key Exchange Protocol Using Different Passwords
nPAKE^+: A Tree-Based Group Password-Authenticated Key Exchange Protocol Using Different Passwords

Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a tree-based group PAKE protocol — nPAKE+ protocol under the setting where each party shares an independent password with a trusted server. The nPAKE+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE+ enables every subgroup to obtain its own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model. Electronic Supplementary Material The online version of this article (doi:) contains supplementary material, which is available to authorized users. This work is supported in part by the Concerted Research Action (GOA) Ambiorics 2005/11 of the Flemish Government and by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy). Zhiguo Wan is supported in part by a research grant of the IBBT (Interdisciplinary institute for BroadBand Technology) of the Flemish Government. A preliminary version of this paper appeared in the proceedings of ICICS’071].