nPAKE^+: A Tree-Based Group Password-Authenticated Key Exchange Protocol Using Different Passwords

Although two-party password-authenticated key exchange (PAKE) protocolshave been intensively studied in recent years, group PAKE protocols havereceived little attention. In this paper, we propose a tree-based groupPAKE protocol --- nPAKE^+ protocol under the setting where each partyshares an \em independent password with a trusted server. ThenPAKE^+ protocol is a novel combination of the hierarchical key treestructure and the password-based Diffie-Hellman exchange, and hence itachieves substantial gain in computation efficiency. In particular, thecomputation cost for each client in our protocol is only O(\log n).Additionally, the hierarchical feature of nPAKE^+ enables everysubgroup to obtain its own subgroup key in the end. We also prove thesecurity of our protocol under the random oracle model and the idealcipher model.