Affiliation-hiding authenticated asymmetric group key agreement

We introduce the concept of Affiliation-Hiding Authenticated Asymmetric Group Key Agreement (AH-AAGKA) and construct a concrete one-round AH-AAGKA protocol. An AH-AAGKA protocol allows the participants of a group to establish a common encryption key associated with several decryption keys; each of which can only be computed by the corresponding legitimate group member. An AH-AAGKA protocol has the following privacy feature. For a member _i of a group G, if _i participates in an AH-AAGKA protocol, any protocol participant _j cannot learn whether _i is a member of G, unless _j himself is a member of group G. Our scheme demonstrates new features in comparison with other existing AH-AGKA protocols. If non-group members participate in our protocol, honest parties can identify these non-group members. Our scheme also captures Unlinkability and Perfect Forward Secrecy (PFS), which are missing in other existing schemes. We propose a novel security model to prove that our protocol holds PFS and present a new privacy model to prove that our scheme meets Affiliation-Hiding property.