Abstract: | A recent primitive known as asymmetric group key agreement (AGKA) allows a group of users to negotiate a common encryption key which is accessible to any entities and corresponds to different decryption keys, each of which is only computable by one group member. This concept makes it easy to construct distributed and one-round group key agreement protocols. However, this existing instantiation depends on public key infrastructure (PKI) associated with certificate management, or it is only secure against passive adversaries. This paper addresses this concern by designing a certificateless authenticated AGKA scheme, which does not require certificates to guarantee the authenticity of public keys yet avoids the inherent escrow problem of identity-based cryptosystems. Using simple binding techniques, the proposed scheme can be raised to the same trust level as that using the traditional PKI. We show that the proposed protocol is secure provided that the underlying k-bilinear Diffie–Hellman exponent problem is hard. |