Our Contribution. This paper investigates a close variation of the above-mentioned problem of one-round group key agreement protocols and focuses on “how to establish a confidential channel from scratch for multiple parties in one round”. We provide a short overview of some new ideas to solve this variation.

Asymmetric GKA. Observe that a major goal of GKAs for most applications is to establish a confidential broadcast channel among the group. We investigate the possibility of establishing this channel in an asymmetric manner, in the sense that the group members merely negotiate a common encryption key (accessible to attackers) but hold respective secret decryption keys. We introduce a new class of GKA protocols which we name asymmetric group key agreements (ASGKAs), in contrast to the conventional GKAs. A trivial solution is for each member to publish a public key and withhold the respective secret key, so that the final ciphertext is built as a concatenation of the underlying individual ones. However, this trivial solution is highly inefficient: the ciphertext grows linearly with the group size; furthermore, the sender has to keep all the public keys of the group members and separately encrypt for each member. We are interested in nontrivial solutions that do not suffer from these limitations.

Aggregatable signature-based broadcast (ASBB). Our proposals rely on a new notion named aggregatable signature-based broadcast. In an ASBB scheme, the public key can be simultaneously used to verify signatures and encrypt messages, and any valid signature can be used to decrypt ciphertexts under this public key; furthermore, an ASBB scheme satisfies the key-homomorphic property and the aggregatability property. The key-homomorphic property means that the combination of signatures on the same message produces a valid signature of this message under the combination of the corresponding public keys. As a consequence, the combined signature can be used as a decryption key of the new ASBB instance. Aggregatability states that the combination of secure ASBB instances produces a new secure ASBB instance.

Non-trivial one-round ASGKA. We propose a non-trivial one-round ASGKA scheme. Our idea is to generate the public key of an ASBB scheme in a distributed manner, such that each member can obtain a signature under this public key that is available to that member alone. These signatures can be used as their respective decryption keys, and a confidential channel among the group is established. We build an efficient ASBB scheme from bilinear pairings and prove its security under the decision n-Bilinear Diffie-Hellman exponentiation (n-BDHE) assumption with the help of a random oracle. By following the generic construction and exploiting the randomness in the setup stage, we instantiate a one-round ASGKA protocol and tightly reduce its security to the decision n-BDHE assumption in the standard model (without using random oracles). The proposed one-round ASGKA protocol achieves the confidential channel of a one-round conventional GKA protocol. Also, our ASGKA proposal has additional advantages, e.g., serving as a public-key based broadcast scheme without requiring a dealer.
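The three ASBB properties described above (a signature that doubles as a decryption key, key-homomorphism, and aggregation of instances) are shown concretely in the following Python example, which is added here and is not the paper's own pairing-based construction, nor its one-round protocol. It pairs BLS-style signatures σ = H(m)^x with Boneh-Franklin-style encryption under the same public key, and it simulates the bilinear map by brute-force discrete logarithm in a 1019-element subgroup of Z_2039*, so it illustrates only the algebra and offers no security. The parameters, function names, the round label and the sample plaintext are all assumptions made for this example.

```python
import hashlib
import secrets

# Toy parameters (constructed): q = 2p + 1 is a safe prime, so the quadratic
# residues of Z_q* form a subgroup G of prime order p, generated by g = 4.
P = 1019
Q = 2 * P + 1          # 2039
G = 4
assert pow(G, P, Q) == 1 and G != 1

# Discrete-log table of G. A real pairing is evaluated with Miller's algorithm;
# here e(g^u, g^v) is computed by recovering u and v, which only works because
# p is tiny. The algebra is the same, the security is nil.
_DLOG = {pow(G, k, Q): k for k in range(P)}


def pair(a, b):
    """Simulated bilinear map e: G x G -> G_T (G_T is represented by G itself).
    e(g^u, g^v) = g^(u*v), hence e(A^r, B^s) = e(A, B)^(r*s)."""
    return pow(G, (_DLOG[a] * _DLOG[b]) % P, Q)


def hash_to_group(msg: bytes):
    """H: {0,1}* -> G. Squaring lands in the quadratic-residue subgroup; the
    degenerate values 0 and 1 are rejected by re-hashing with a counter."""
    counter = 0
    while True:
        digest = hashlib.sha256(msg + bytes([counter])).digest()
        elem = pow(int.from_bytes(digest, "big") % Q, 2, Q)
        if elem not in (0, 1):
            return elem
        counter += 1


def keygen():
    x = secrets.randbelow(P - 1) + 1
    return x, pow(G, x, Q)              # (secret key x, public key g^x)


def sign(x, msg):
    return pow(hash_to_group(msg), x, Q)   # BLS-style signature H(m)^x


def verify(pk, msg, sigma):
    return pair(sigma, G) == pair(hash_to_group(msg), pk)


def _kdf(element):
    return hashlib.sha256(element.to_bytes(2, "big")).digest()


def encrypt(pk, msg, plaintext: bytes):
    """Boneh-Franklin-style encryption under pk, with msg as the 'identity':
    the session key is e(H(msg), pk)^s, which a signature on msg can recover."""
    s = secrets.randbelow(P - 1) + 1
    c1 = pow(G, s, Q)
    pad = _kdf(pow(pair(hash_to_group(msg), pk), s, Q))
    assert len(plaintext) <= len(pad)
    return c1, bytes(a ^ b for a, b in zip(plaintext, pad))


def decrypt(sigma, ciphertext):
    """The signature is the decryption key: e(H(m)^x, g^s) = e(H(m), pk)^s."""
    c1, body = ciphertext
    pad = _kdf(pair(sigma, c1))
    return bytes(a ^ b for a, b in zip(body, pad))


def combine(elements):
    """Key-homomorphism: the product of public keys (resp. signatures on one
    message) is a public key (resp. signature) of the aggregated instance."""
    out = 1
    for e in elements:
        out = out * e % Q
    return out


def demo(secret_keys=None, msg=b"round-1", plaintext=b"group secret"):
    """Aggregate three members' instances on one message: the combined signature
    decrypts under the combined public key, a single member's signature does not."""
    if secret_keys is None:
        secret_keys = [keygen()[0] for _ in range(3)]
    pks = [pow(G, x, Q) for x in secret_keys]
    sigs = [sign(x, msg) for x in secret_keys]
    agg_pk, agg_sig = combine(pks), combine(sigs)
    ct = encrypt(agg_pk, msg, plaintext)
    return {
        "each_valid": all(verify(pk, msg, s) for pk, s in zip(pks, sigs)),
        "aggregate_valid": verify(agg_pk, msg, agg_sig),
        "recovered": decrypt(agg_sig, ct),
        "single_key_recovered": decrypt(sigs[0], ct),
    }


if __name__ == "__main__":
    print(demo())
```

The script mirrors the notion in the text rather than any particular scheme: encryption needs only the (public) aggregated key, decryption needs a valid signature under it, and the homomorphism is what lets independently generated instances be merged into one. In a real instantiation the pairing would be a genuine map on elliptic-curve groups and `hash_to_group` a proper hash-to-curve; the simulated pairing here would let anyone read every secret key off the table.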