Centralized Threshold Key Generation Protocol Based on Shamir Secret Sharing and HMAC Authentication

Many group key management protocols have been proposed to manage key generation and distribution of vehicular communication. However, most of them suffer from high communication and computation costs due to the complex elliptic curve and bilinear pairing cryptography. Many shared secret protocols ha...

Bibliographic Details
Main Authors: Shimaa A. Abdel Hakeem, HyungWon Kim
Format: Article
Language: English
Published: MDPI AG 2022-01-01
Series: Sensors
Subjects:
Online Access: https://www.mdpi.com/1424-8220/22/1/331
collection DOAJ
description Many group key management protocols have been proposed to manage key generation and distribution of vehicular communication. However, most of them suffer from high communication and computation costs due to the complex elliptic curve and bilinear pairing cryptography. Many shared secret protocols have been proposed using polynomial evaluation and interpolation to solve the previous complexity issues. This paper proposes an efficient centralized threshold shared secret protocol based on the Shamir secret sharing technique and supporting key authentication using Hashed Message Authentication Code Protocol (HMAC). The proposed protocol allows the group manager to generate a master secret key for a group of n vehicles and split this key into secret shares; each share is distributed securely to every group member. t-of-n vehicles must recombine their secret shares and recover the original secret key. The acceptance of the recovered key is based on the correctness of the received HMAC signature to verify the group manager’s identity and ensure the key confidentiality.
The proposed protocol is unconditionally secure and unbreakable using infinite computing power as t, or more than t secret shares are required to reconstruct the key. In contrast, attackers with t−1 secret shares cannot leak any information about the original secret key. Moreover, the proposed protocol reduces the computation cost due to using polynomial evaluation to generate the secret key and interpolation to recover the secret key, which is very simple and lightweight compared with the discrete logarithm computation cost in previous protocols. In addition, utilizing a trusted group manager that broadcasts some public information is important for the registered vehicles to reconstruct the key and eliminate secure channels between vehicles. The proposed protocol reduces the communication cost in terms of transmitted messages between vehicles from 2(t−1) messages in previous shared secret protocols to zero messages. Moreover, it reduces the received messages at vehicles from 2t to two messages.
At the same time, it allows vehicles to store only a single secret share compared with other shared secret protocols that require storage of t secret shares. The proposed protocol security level outperforms the other shared secret protocols security, as it supports key authentication and confidentiality using HMAC that prevents attackers from compromising or faking the key.
first_indexed 2024-03-10T03:21:31Z
format Article
id doaj.art-d16b593a27464ff0abd28182816c9fc5
institution Directory Open Access Journal
issn 1424-8220
language English
last_indexed 2024-03-10T03:21:31Z
publishDate 2022-01-01
publisher MDPI AG
record_format Article
series Sensors
spelling doaj.art-d16b593a27464ff0abd28182816c9fc5 | 2023-11-23T12:20:36Z | eng | MDPI AG | Sensors | 1424-8220 | 2022-01-01 | 22 | 1 | 331 | 10.3390/s22010331 | Centralized Threshold Key Generation Protocol Based on Shamir Secret Sharing and HMAC Authentication | Shimaa A. Abdel Hakeem (Mixed-Signal Integrated System Lab (MSIS), School of Electronics Engineering, Chungbuk National University, Cheongju 28644, Korea) | HyungWon Kim (Mixed-Signal Integrated System Lab (MSIS), School of Electronics Engineering, Chungbuk National University, Cheongju 28644, Korea) | https://www.mdpi.com/1424-8220/22/1/331 | Shamir secret; key generation; key reconstruction; threshold protocols; vehicular communication; HMAC authentication
topic Shamir secret
key generation
key reconstruction
threshold protocols
vehicular communication
HMAC authentication
url https://www.mdpi.com/1424-8220/22/1/331