One reason for this discrepancy in security guarantees is that most existing group messaging protocols are fundamentally synchronous, and thus cannot be used in the asynchronous world of mobile communications. In this paper we show that this is not necessary, presenting a design for a tree-based group key exchange protocol in which no two parties ever need to be online at the same time, which we call Asynchronous Ratcheting Tree (ART). ART achieves strong security guarantees, in particular including post-compromise security.
We give a computational security proof for ART's core design as well as a proof-of-concept implementation, showing that ART scales efficiently even to large groups. Our results show that strong security guarantees for group messaging are achievable even in the modern, asynchronous setting, without resorting to using inefficient point-to-point communications for large groups. By building on standard and well-studied constructions, our hope is that many existing solutions can be applied while still respecting the practical constraints of mobile devices.
Category / Keywords: cryptographic protocols
Date: received 5 Jul 2017, last revised 18 Jan 2018
Contact author: cas cremers at gmail com
Note: Updated to v2.0. Changelog in Appendix.
Version: 20180118:110758
Short URL: ia.cr/2017/666