Problem $5.$ Group key exchange. $n$ parties $A_1,$dots,$A_n$ want to setup a group secret key that they

can use for encrypted group messaging. For simplicity, let's assume $n$ is a power of two. They

have at their disposal a public bulletin board $($a cloud server$)$ that they can all post messages

to and that will be visible to all of them, as well as to the rest of the world. Our goal here is to

design a group key exchange that is secure against a passive eavesdropper.

a$.$ Let $G$ be a group of prime order $q$ with generator ginG. Let $H$:$G{Z}_q$ be a random hash

function. Your goal is to design a protocol based on two$-$party $($anonymous$)$ Diffie$-$Hellman

that runs in at most $lo{g}_{2}n$ rounds. In each round every party posts at most one group element

in $G$ to the bulletin board and reads at most one group element from the bulletin board.

The parties can only send messages to the bulletin board; no peer$-$to$-$peer communication is

allowed. At the end of the protocol, after $lo{g}_{2}n$ rounds, all parties obtain the same secret key

and there are at most $2n$ group elements on the bulletin board. You may assume that the

parties know each other's identities and can order themselves lexicographically by identity.

Hint: think of an $n-$leaf binary tree where each leaf corresponds to one party.b$.$ Suppose one of the $n$ parties has a malfunctioning random number generator $-$ whenever

that party needs to sample a random number in $Z_q,$ its random number generator always

returns $5in{Z}_q.$ Show that this will sink the entire protocol from part $($a$),$ even if all the

other participants have well functioning random number generators. Specifically, show that

an eavesdropper will learn the group secret key.

c$.$ Is it possible to design a group key exchange protocol among $n$ parties that is secure against

passive eavesdropping even if at most one of the participants suffers from the problem in

part $($b$)?$ Justify your answer.