A protocol compiler is presented which transforms any unauthenticated (attribute-based) group key establishment protocol into an authenticated attributebased group key establishment. If the protocol to which the compiler is applied does not make use of long-term secrets, then the resulting protocol is, in addition, deniable. In particular, applying our compiler to an unauthenticated 2-round protocol going back to Burmester and Desmedt results in a 3-round solution for attribute-based group key establishment, offering both forward secrecy and deniability.
展开▼
