The Hsu-Harn-Mu-Zhang-Zhu group key establishment protocol is insecure
This exposes a critical flaw in a cryptographic protocol, posing risks for secure group communication, and is incremental as it critiques an existing method.
The paper identifies a security vulnerability in the Hsu-Harn-Mu-Zhang-Zhu group key establishment protocol that enables a malicious insider to fraudulently establish a group key with a victim, with the attacker controlling the key, rendering the protocol insecure and unusable.
A significant security vulnerability in a recently published group key establishment protocol is described. This vulnerability allows a malicious insider to fraudulently establish a group key with an innocent victim, with the key chosen by the attacker. This shortcoming is sufficiently serious that the protocol should not be used.