Changes
j \neq i added
|align="center"|7
|align="right"|Generate secret shares
|align="center"|<math>z'_i \leftarrow (H(k_{i,j}, sid_i) \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\})</math>
|align="center"|Computation
|-
|align="center"|8
|align="right" |Encrypt shares
|align="center"|{{Font color|black|pink|<math>z_i \leftarrow GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z'_i)</math>}}
|align="center"|Computation
|-
# <math>z'_i</math> remains unknown for any <math>\mathcal{A} \not \in G</math> eavesdropping the channel <math>\mathcal{C}</math>.
To this end each member <math>U_i</math> compute <math>z_i := GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,...,n\}, z'_i)</math> and broadcast <math>z_i</math> on <math>\mathcal{C}</math>. Later on when <math>U_i</math> receives all <math>z_j</math>. It recovers all secrets <math>z'_i</math> by computing <math>GroupDec(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,...,n\}, z_i)</math>.
===(n+1)sec key exchange vs original Flexible Group Key Exchange of [ACMP10]===
|-
|align="right"|Generate secret shares
|align="center"|<math>z'_i \leftarrow (H(k_{i,j}, sid_i) \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\})</math>
|align="center"|Computation
|-
|align="right" |Encrypt shares
|align="center"|<math>z_i \leftarrow GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z')</math>
|align="center"|Computation
|-
|align="right"| If (all) participants have sent their ephemeral keys compute the shared secret
|align="center"|If <math>ustate_{j}[i] \stackrel{?}{=} 1</math> for all ''j''
in {1,...''n}, then <math> meta\_data \leftarrow (meta\_data, GroupEnc(k_{i_j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z'))</math>
|align="center"|Computation
|-
