Cryptanalysis of a group key transfer protocol based on secret sharing

Group key establishment protocols allow a set of communicating parties to establish a common secret key. Due to their significance in building a secure multicast channel, a number of group key establishment protocols have been suggested over the years for a variety of settings. Among the many protocols is Harn and Lin's group key transfer protocol based on Shamir's secret sharing. This group key transfer protocol was designed to work in the setting where a trusted key generation center shares a long-term secret with each of its registered users. As for security, Harn and Lin claim that their protocol prevents the long-term secret of each user from being disclosed to other users. But, we found this claim is not true. Unlike the claim, Harn and Lin's protocol cannot protect users' long-term secrets against a malicious user. We here report this security problem with the protocol and show how to address it.