Out-of-band authenticated group key exchange: From strong authentication to immediate key delivery

Moni Naor, Lior Rotem, Gil Segev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations


Given the inherent ad-hoc nature of popular communication platforms, out-of-band authenticated key-exchange protocols are becoming widely deployed: Key exchange protocols that enable users to detect man-in-the-middle attacks by manually authenticating one short value. In this work we put forward the notion of immediate key delivery for such protocols, requiring that even if some users participate in the protocol but do not complete it (e.g., due to losing data connectivity or to other common synchronicity issues), then the remaining users should still agree on a shared secret. A property of a similar flavor was introduced by Alwen, Coretti and Dodis (EUROCRYPT’19) asking for immediate decryption of messages in user-to-user messaging while assuming that a shared secret has already been established – but the underlying issue is crucial already during the initial key exchange and goes far beyond the context of messaging. Equipped with our immediate key delivery property, we formalize strong notions of security for out-of-band authenticated group key exchange, and demonstrate that the existing protocols either do not satisfy our notions of security or are impractical (these include, in particular, the protocols deployed by Telegram, Signal and WhatsApp). Then, based on the existence of any passively-secure key-exchange protocol (e.g., the Diffie-Hellman protocol), we construct an out-of-band authenticated group key-exchange protocol satisfying our notions of security. Our protocol is inspired by techniques that have been developed in the context of fair string sampling in order to minimize the effect of adversarial aborts, and offers the optimal tradeoff between the length of its out-of-band value and its security.

Original language: American English
Title of host publication: 1st Conference on Information-Theoretic Cryptography, ITC 2020
Editors: Yael Tauman Kalai, Adam D. Smith, Daniel Wichs
Publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic): 9783959771511
State: Published - 1 Jun 2020
Event: 1st Conference on Information-Theoretic Cryptography, ITC 2020 - Virtual, Boston, United States
Duration: 17 Jun 2020 – 19 Jun 2020

Publication series

Name: Leibniz International Proceedings in Informatics, LIPIcs
ISSN (Print): 1868-8969


Conference: 1st Conference on Information-Theoretic Cryptography, ITC 2020
Country/Territory: United States
City: Virtual, Boston

Bibliographical note

Publisher Copyright:
© Moni Naor, Lior Rotem, and Gil Segev; licensed under Creative Commons License CC-BY


  • End-to-end encryption
  • Key exchange
  • Out-of-band authentication

