Security of Tseng–Jan’s conference key distribution system

摘要

Recently, Tseng and Jan presented anonymous conference key distribution systems that make use of the interpolating properties of polynomials. However, their protocol has some limitations in that users are not able to check the correctness of the distributed conference key but also verify if they take part in any particular protocol run. This leads to the possibility of an active attack. In this article, we show that Tseng and Jan’s protocol does not work properly because of its incompleteness. We also describe a simple and promising remedy to such a problem.