Abstract: This paper proposes a computationally secure and fault-tolerant conference key distribution scheme, which only requires the authenticated and encrypted point-to-point channels between each server and each user. By the combined use of knowledge proof and verifiable secret sharing, the scheme has the properties of simple structure and high security. Analysis shows that every honest user of a conference can get a common key after the running of the protocol, even if a minority of the servers malfunction or misbehave. We also show that on the assumption of a Diffie-Hellman decisional problem, a passive adversary gets zero knowledge about the conference key, and the active adversary cannot impersonate someone successfuly. Because the knowledge proof method we adopt is non-interactive, both operation and communication overheads are reduced, thus making the schemes very efficient.

Key words: conference key distribution, fault-tolerant, computationally secure, verifiable secret sharing, knowledge proof