Consider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed.
展开▼