A key agreement (or distribution) protocol is a set of communication rules whereby two users can establish a shared common key. The shared key can be used by the users in future secure communications. We analyze a key agreement protocol presented by Leighton and Micali at the CrYPTO'93 conference, which is based on tamper-proof hadware, and show that the protocol fails in that a common key shared between two users can always be easily obtained by a number of legitimate users in a system where the proposed protocol is employed. An interesting point is that the legitimate users can derive the key without opening a single tamper-proof chip. We also propose a very simple identity based conference key agreement protocol that frees of the flaw possessed by Leighton and Micali's protocol. Furthermore, we employ ideas behind our protocol to successfully repair Leighton and Micali's failed protocol.
展开▼
