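To facilitate computer auditing or transaction refereeing, a system must keep genuine records. However, the two communicating parties usually encrypt their communication to prevent eavesdropping or attacks by malicious parties; as a result, an auditor or referee cannot monitor the communication online in real time or intervene in it directly. This troublesome problem can be solved effectively now that Joux has designed the first efficient tripartite key agreement protocol. A tripartite key agreement protocol allows three communicating parties to agree on a key efficiently and then encrypt their communication with one another securely, so that a referee or auditor can safely join the two communicating parties. However, the tripartite key agreement protocols published to date still have many security weaknesses. This paper examines the weaknesses of some recently published papers and proposes a new mechanism to improve security and efficiency. We prove the security of this protocol in a modified Bellare-Pointcheval-Rogaway model.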
Computer auditing and transaction refereeing require the system to keep genuine records. However, it is difficult for an auditor or a referee to audit the contents on-line or take part in the communication while the communication is kept confidential from others. This problem has had a promising solution since Joux proposed the first efficient tripartite key agreement protocol, which enables three parties (who might include one referee) to establish a secure session key. However, several published schemes are not secure. This paper examines their weaknesses and then proposes an ID-based tripartite multiple key agreement protocol to raise the level of security and improve efficiency. The security is proved in a modified Bellare-Pointcheval-Rogaway model.