Paper 2020/752
Continuous Group Key Agreement with Active Security
Joël Alwen, Sandro Coretti, Daniel Jost, and Marta Mularczyk
Abstract
A continuous group key agreement (CGKA) protocol allows a long-lived group of parties to agree on a continuous stream of fresh secret key material. The protocol must support constantly changing group membership, make no assumptions about when, if, or for how long members come online, nor rely on any trusted group managers. Due to sessions' long life-time, CGKA protocols must simultaneously ensure both post-compromise security and forward secrecy (PCFS). That is, current key material should be secure despite both past and future compromises.
The work of Alwen et al. (CRYPTO'20), introduced the CGKA primitive and identified it as a crucial component for constructing end-to-end secure group messaging protocols (SGM) (though we believe there are certainly more applications given the fundamental nature of key agreement). The authors analyzed the TreeKEM CGKA, which lies at the heart of the SGM protocol under development by the IETF working group on Messaging Layer Security (MLS).
In this work, we continue the study of CGKA as a stand-alone cryptographic primitive. We present
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- Continuous Group Key AgreementSecure MessagingMessaging Layer SecurityTreeKEMActive Security
- Contact author(s)
-
jalwen @ wickr com
sandro coretti @ iohk io
dajost @ inf ethz ch
mumarta @ inf ethz ch - History
- 2020-06-21: received
- Short URL
- https://ia.cr/2020/752
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/752, author = {Joël Alwen and Sandro Coretti and Daniel Jost and Marta Mularczyk}, title = {Continuous Group Key Agreement with Active Security}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/752}, year = {2020}, url = {https://eprint.iacr.org/2020/752} }