Cryptanalysis of a Password-based Group Key Exchange Protocol Using Secret Sharing

Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to be efficient and secure [9]. We remark its resemblance to the construction of Ham and Lin [1], which Nam et al. proved vulnerable to a replay attack [3]. It is straightforward that the same attack can be mount against Yuan et al.'s protocol, proving that the authors' claim is false. In the same paper, Nam et al. propose a countermeasure that may also apply to Yuan et al.'s protocol. However, we show that their protocol remains susceptible to an insider attack (even if it stands against the replay attack): any malicious participant can recover the long-term secret password of any other user and therefore becomes able to compute group keys he is unauthorized to know.