Provably insecure group authentication: Not all security proofs are what they claim to be. (arXiv:2005.05376v3 [cs.CR] UPDATED)

A paper presented at the ICICS 2019 conference describes what is claimed to
be a `provably secure group authentication [protocol] in the asynchronous
communication model’. We show here that this is far from being the case, as the
protocol is subject to serious attacks. To try to explain this troubling case,
an earlier (2013) scheme on which the ICICS 2019 protocol is based was also
examined and found to possess even more severe flaws – this latter scheme was
previously known to be subject to attack, but not in quite as fundamental a way
as is shown here. Examination of the security theorems provided in both the
2013 and 2019 papers reveals that in neither case are they exactly what they
seem to be at first sight; the issues raised by this are also briefly
discussed.