An attack is demonstrated on a previously proposed class of key agreement protocols. Analysis of the attack reveals that a small change in the construction of the protocols is sufficient to prevent the attack. The insight gained allows a generalisation of the class to a new design for conference key agreement protocols.

Abstract. A conference key protocol allows a group of participants to establish a secret communication (conference) key so that all their communications thereafter are protected by the key. In this paper we consider the distributed conference key (conference key agreement) protocol. We present two round-efficient conference key agreement protocols, which achieve the optimum in terms of the number of rounds. Our protocols are secure against both passive and active adversaries under the random oracle model. They release no useful information to passive adversaries and achieve fault tolerance against any coalition of malicious participants. We achieve the optimal round by transferring an interactive proof system to a non-interactive version, while preserving its security capability. 1