LAUSR

Group Key Exchange (GKE) is required for secure group communication with high confidentiality. In particular, a trusted authority can handle issues that happen by the malicious actions of group members, but it is expensive to deploy and not suitable in a dynamic setting where the network requires frequent membership status changes. To overcome these issues, we designed yet another quantum-resistant constant-round GKE based on lattice without a trusted authority based on Apon et al.’s protocol (PQCrypto 2019) by modifying their key computation phase. Then, we describe the novel dynamic authenticated GKE (called DRAG) with membership addition/deletion procedures in Ring Learning with Errors (RLWE) setting, while the former ones are built from Diffie-Hellman problem. Under the specific adversary who can leak the long-term secret key from the party, we suggest a rigorous proof of DRAG in the random oracle model based on the hardness assumption of RLWE problem and the property of Rényi divergence. As a proof of concept, implementation details are described to meet level 1 NIST security. Our implementation is reasonable for practical use since the total runtime to get a group secret key takes about 3 msec and it can be considered as a reference implementation of other quantum-resistant GKEs.