5*-/*12+-+*+-*-++-++==VIII.1 Schematic view of the key exchange==

The protocol computes a unified session key for all participants. This imposes, in particular, the necessity that all <math>plist_i</math>' is identical for all participants. However-*++-However, as consistent view is part of ''(n+1)sec'' security model, it does not impose extra limitation on the protocol. For more information please see [[#Participatory_vs_individually_independent_computation_of_group_keys|Appendix B: Participatory vs individually independent computation of group keys]].

|align="center"|{{Font color|black|pink|<math>z_i \leftarrow GroupEnc(k_{i_j} for j \in \{1,\dots,n\}, z'_i)</math>}}

|align="center"|{{Font color|black|pink|<math>sk_{i} \leftarrow H(GroupDec(k_{i,jl}\forall l, z_j \; ) \forall j),sid_i, U_j) =H(z'_1, \; \forall j \neq idots, z'_n, sid_i) </math>}}

For the high level design of the protocol we do not specify the primitives for ''GroupEnc'' and ''GroupDec'' used in steps '''XX8''' and '''XX14''' of Alogrithm 1 as a part of the protocol, as we do not specifies the Hash function and the block cipher. We explain their property here. We choose a candidate in section IX.4.

To this end each member <math>U_i</math> compute <math>z_i := GroupEnc(k_{i,j} for j \in \{1,...,n\}, z'_i)</math> and broadcast <math>z_i</math> on <math>\mathcal{C}</math>. Later on when <math>U_i</math> receives all <math>z_j</math>. It recovers all secrets <math>z'_i</math> by computing <math>GroupDec(k_{i,j} for j \in \{1,...,n\}, z'_iz_i)</math>.