Abstract: A highly-efficient，password-based authenticated group-key exchange protocol named Pw/GAKE is constructed，which security is based-on the decisional Diffie-Hellman problem’s hardness.During this protocol’s session all group members have only one-round message transmission and only need to carry out exponential and fast hash computation（no public-key schemes are required），making it particularly suitable to mediate-scale groups in modern wireless/ad hoc networks.The protocol’s security is proved in random-oracle model by reducing its security to Abdella-Pointcheval’s 2-party key-exchange protocol（SPAKE）’s security.

Key words: password-based authentication, group key exchange, decisional Diffie-Hellman problem’s Hardness, provable security

摘要： 针对组群通讯环境中的身份认证式密钥交换问题，基于Diffie-Hellman判定性问题的难解性假设构造了一个基于口令的身份认证组群密钥交换协议Pw/GAKE。该协议具有很高的计算效率，所有组群成员仅需参与一轮消息传输和一次广播、仅需进行幂指数运算和散列运算而无需借助任何复杂的公钥密码方案，因此特别适合于无线/移动自组网络环境中的中小规模组群。在随机oracle模型下证明了该协议的安全性。该证明将协议Pw/GAKE的安全性质归结为Abdella-Pointcheval 所建立的2-方密钥交换协议SPAKE的安全性质，显示出Pw/GAKE的构造具有很强的递归特征。

关键词: 基于口令的身份认证, 组群密钥交换, Diffie-Hellman判定性问题, 可证明的安全性