The cryptographic core of the MLS protocol (from which it inherits essentially all of its efficiency and security properties) is a Continuous Group Key Agreement (CGKA) protocol. CGKA protocols provide asynchronous E2E secure group management by allowing group members to agree on a fresh independent symmetric key after every change to the group's state (e.g. when someone joins/leaves the group).
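As an added illustration (not code from the paper, and not MLS's TreeKEM or the ITK protocol it analyses), the following Python sketches the ratchet-tree mechanism by which a TreeKEM-style CGKA agrees on a fresh group key after each commit: the committer samples a new leaf secret, hashes it up its direct path, and encrypts each path secret to the sibling subtree (the copath node, or its resolution when that node is blank), so every other member decrypts exactly one secret and re-derives the rest. Everything here is a constructed toy: a 127-bit Diffie-Hellman group with an ElGamal-style seal/open standing in for HPKE, SHA-256 as the key derivation function, a fixed group of four with no adds or removes, and none of the signatures or confirmation tags whose correct handling the paper's insider-security notion is about.

```python
# Toy TreeKEM-style CGKA. Illustration only: not MLS's TreeKEM, not the paper's ITK.
import copy, hashlib, os

P, G = 2**127 - 1, 3   # constructed toy DH modulus and generator, far too small for real use

def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256, used as the tree's key-derivation function."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def keypair(node_secret: bytes):
    """Node key pair derived deterministically from the node secret, as in TreeKEM."""
    sk = int.from_bytes(H(b"node-key", node_secret), "big") % (P - 2) + 1
    return sk, pow(G, sk, P)

def seal(pk: int, msg: bytes):
    e = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1   # ElGamal-style stand-in for HPKE
    return pow(G, e, P), bytes(a ^ b for a, b in zip(msg, H(b"ks", pow(pk, e, P).to_bytes(16, "big"))))

def open_(sk: int, ct) -> bytes:
    eph, body = ct
    return bytes(a ^ b for a, b in zip(body, H(b"ks", pow(eph, sk, P).to_bytes(16, "big"))))

def resolution(tree: dict, v: int, n: int) -> list:
    """Highest non-blank nodes covering the subtree at v (root is 1, leaf i is n+i)."""
    if v in tree: return [v]
    return [] if v >= n else resolution(tree, 2 * v, n) + resolution(tree, 2 * v + 1, n)

class Member:
    def __init__(self, index: int, n: int, leaf_secret: bytes):
        self.index, self.n = index, n
        self.secrets = {n + index: leaf_secret}   # secrets of nodes on my direct path

    def group_key(self) -> bytes:
        return H(b"group-key", self.secrets[1])

    def commit(self, tree: dict) -> dict:
        """Refresh my leaf and every node above it; return the commit for the others."""
        v, secret = self.n + self.index, os.urandom(32)
        self.secrets, pks, cts = {}, {}, {}
        while True:
            self.secrets[v] = secret
            pks[v] = keypair(secret)[1]
            if v == 1:
                break
            parent_secret = H(b"path", secret)
            for r in resolution(tree, v ^ 1, self.n):   # copath node, or its resolution
                cts[r] = (v // 2, seal(tree[r], parent_secret))
            v, secret = v // 2, parent_secret
        tree.update(pks)
        return {"sender": self.index, "pks": pks, "cts": cts}

    def process(self, commit: dict, tree: dict) -> None:
        """Decrypt the one path secret addressed to a node I hold, then hash upward."""
        v = self.n + self.index
        while v and v not in commit["cts"]:
            v //= 2
        if v == 0 or v not in self.secrets:
            raise ValueError("no path secret decryptable from my state")
        target, ct = commit["cts"][v]
        secret = open_(keypair(self.secrets[v])[0], ct)
        while True:
            if keypair(secret)[1] != commit["pks"][target]:   # public-key consistency check
                raise ValueError("derived public key does not match the commit")
            self.secrets[target] = secret
            if target == 1:
                break
            target, secret = target // 2, H(b"path", secret)
        tree.update(commit["pks"])

def demo(n: int = 4) -> dict:
    """Constructed scenario: 4 members, three commits, and a stale copy of member 1."""
    leaf_secrets = [os.urandom(32) for _ in range(n)]
    tree = {n + i: keypair(s)[1] for i, s in enumerate(leaf_secrets)}   # shared public state
    members = [Member(i, n, s) for i, s in enumerate(leaf_secrets)]
    keys = []

    def round_(sender: int) -> dict:
        c = members[sender].commit(tree)
        for m in members:
            if m.index != sender:
                m.process(c, tree)
        assert len({m.group_key() for m in members}) == 1   # everyone agrees on the epoch key
        keys.append(members[0].group_key())
        return c

    round_(0)
    stale = copy.deepcopy(members[1])   # member 1's state as it would look if leaked
    round_(1)                           # member 1 heals by refreshing its path
    c = round_(0)
    try:
        stale.process(c, dict(tree))
        locked_out = False
    except ValueError:
        locked_out = True
    return {"fresh_key_per_commit": len(set(keys)) == 3, "stale_locked_out": locked_out}
```

`demo()` runs three commits and returns two checks: each commit yielded a key that all members agree on and that differs from the previous epoch's, and a copy of member 1's state captured before member 1 committed cannot process a later commit, because the ciphertext on its leaf is now addressed to member 1's refreshed key and the public key derived from the garbage plaintext fails to match the one published in the commit.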
In this work, we make progress towards a precise understanding of the insider security of MLS in the form of 3 contributions. On the theory side, we overcome several subtleties to formulate the first notion of insider security for a CGKA (or group messaging) protocol. Next, we isolate the core components of MLS to obtain a CGKA protocol we dub Insider Secure TreeKEM (ITK). Finally, we give a rigorous proof that ITK provides (adaptive) insider security. In particular, this work also initiates the study of insider secure CGKA protocols, a primitive of interest in its own right.
Category / Keywords: cryptographic protocols / Message Layer Security, MLS, TreeKEM, Secure Messaging
Date: received 22 Oct 2020
Contact author: jalwen at wickr com, daniel jost@cs nyu edu, mumarta@inf ethz ch
Version: 20201023:084942
Short URL: ia.cr/2020/1327