# Changes

## Np1sec

301 bytes added, 5 years ago
|align="center"|7
|align="right"|Generate secret shares
|align="center"|$z'_i \leftarrow (H(k_{i,j}, sid_i) \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\})$
|align="center"|Computation
|-
|align="center"|8
|align="right" |Encrypt shares
|align="center"|{{Font color|black|pink|$z_i \leftarrow GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z'_i)$}}
|align="center"|Computation
|-
# $z'_i$ remains unknown for any $\mathcal{A} \not \in G$ eavesdropping the channel $\mathcal{C}$.
To this end each member $U_i$ compute $z_i := GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,...,n\}, z'_i)$ and broadcast $z_i$ on $\mathcal{C}$. Later on when $U_i$ receives all $z_j$. It recovers all secrets $z'_i$ by computing $GroupDec(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,...,n\}, z_i)$.
===(n+1)sec key exchange vs original Flexible Group Key Exchange of [ACMP10]===
|-
|align="right"|Generate secret shares
|align="center"|$z'_i \leftarrow (H(k_{i,j}, sid_i) \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\})$
|align="center"|Computation
|-
|align="right" |Encrypt shares
|align="center"|$z_i \leftarrow GroupEnc(k_{i,j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z')$
|align="center"|Computation
|-
|align="right"| If (all) participants have sent their ephemeral keys compute the shared secret
|align="center"|If $ustate_{j}[i] \stackrel{?}{=} 1$ for all ''j''
in {1,...''n}, then $meta\_data \leftarrow (meta\_data, GroupEnc(k_{i_j} \, \textrm{for } \, j \neq i \, \textrm{and} \, j \in \{1,\dots,n\}, z'))$
|align="center"|Computation
|-