• group key agreement;
  • ephemeral secret leakage;
  • signature


In 2011, Zhao et al. presented a new security model of group key agreement (GKA) by considering ephemeral secret leakage (ESL) attacks. Meanwhile, they proposed a strongly secure GKA protocol under the new model. In this paper, two security weaknesses on their protocol are pointed out and remedied, in which, their GKA protocol must rely on a signature scheme with existential unforgeability under adaptive chosen message attacks (UF-ACMA) to achieve the security goals of authenticated key exchange and mutual authentication in the new model. We argue and illustrate that a UF-ACMA secure signature scheme is insufficient to promise the security goals because the employed signature scheme does not consider the ESL attacks. For providing authentication functionality of some future cryptographic mechanisms (e.g., authenticated GKA protocols, authenticated key agreement protocols, and authentication schemes) resistant to the ESL attacks, we define a novel security notion for digital signature schemes, termed existential UF-ACM and ephemeral secret leakage attacks. On the basis of Schnorr's signature scheme, we propose the first UF-ACM and ephemeral secret leakage attacks secure signature scheme. We demonstrate that the proposed scheme is provably secure under the hardness of computing discrete logarithms in the random oracle model. Copyright © 2014 John Wiley & Sons, Ltd.