Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to be efficient and secure . We remark its resemblance to the construction of Harn and Lin , which Nam et al. proved vulnerable to a replay attack . It is straightforward that the same attack can be mount against Yuan et al.’s protocol, proving that the authors’ claim is false. In the same paper, Nam et al. propose a countermeasure that may also apply to Yuan et al.’s protocol. However, we show that their protocol remains susceptible to an insider attack (even if it stands against the replay attack): any malicious participant can recover the long-term secret password of any other user and therefore becomes able to compute group keys he is unauthorized to know.
F. Olimid, Ruxandra
"Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing,"
Applied Mathematics & Information Sciences: Vol. 07
, Article 44.
Available at: https://dc.naturalspublishing.com/amis/vol07/iss4/44