Abstract
In a group key exchange (GKE) protocol, the resulting group key should be computed by all participants such that none of them can gain any advantage concerning the protocol's output: misbehaving participants might have personal advantage in influencing the value of the group key. In fact, the absence of trust relationship is the main feature of GKE (when compared with group key transport) protocols. The existing notions of security are enlarged by identifying limitations in some previously proposed security models while taking into account different types of corruptions (weak and strong). To illustrate these notions, two efficient and provably secure generic solutions, compilers, are presented.