Dynamic asymmetric group key agreement protocol with traitor traceability

In asymmetric group key agreement (ASGKA) protocols, a group of users establish a common encryption key which is publicly accessible and compute pairwise different decryption keys. It is left as an open problem to design an ASGKA protocol with traitor traceability in Eurocrypt 2009. A one-round dynamic authenticated ASGKA protocol with public traitor traceability is proposed in this study. It provides a black-box tracing algorithm. Ind-CPA security with key compromise impersonation resilience (KCIR) and forward secrecy of ASGKA protocols is formally defined. The proposed protocol is proved to be Ind-CPA secure with KCIR and forward secrecy under D k-HDHE assumption. It is also proved that the proposed protocol resists collusion attack. In Setup algorithm and Join algorithm, one communication round is required. In Leave algorithm, no message is required to be transmitted. The proposed protocol adopts log N O(logN)-way asymmetric multilinear map to make the size of public key and the size of ciphertext both achieve O log N (logN), where N is the number of potential group members. This is the first ASGKA protocol with public traitor traceability which is more efficient than trivial construction of ASGKA protocols.