Paper 2021/1456

Server-Aided Continuous Group Key Agreement

Joël Alwen, Dominik Hartmann, Eike Kiltz, and Marta Mularczyk


Continuous Group Key Agreement (CGKA) -- or Group Ratcheting -- lies at the heart of a new generation of End-to-End (E2E) secure group messaging (SGM) and VoIP protocols supporting very large groups. Yet even for these E2E protocols the primary constraint limiting practical group sizes continues to be their communication complexity. To date, the most important (and only deployed) CGKA is ITK which underpins the IETF's upcoming Messaging Layer Security SGM standard. In this work, we introduce server-aided CGKA (saCGKA) to more precisely model how E2E protocols are usually deployed. saCGKA makes explicit the presence of an (untrusted) server mediating communication between honest parties (as opposed to mere insecure channels of some form or another). Next, we provide a simple and intuitive security model for saCGKA. We modify ITK accordingly to obtain SAIK; a practically efficient and easy to implement saCGKA designed to leverage the server to obtain greatly reduced communication and computational complexity (e.g. relative to ITK). Under the hood, SAIK uses a new type of signature called Reducible Signature which we construct from, so called, Weighted Accumulators. SAIK obtains further advantages by using Multi-Recipient Multi-Message PKE. Finally, we provide empirical data comparing the communication complexity for senders, receivers and the server in ITK vs. three saCGKAs including two instantiations of SAIK.

Available format(s)
Cryptographic protocols
Publication info
Preprint. Minor revision.
group messagingCGKAend-to-end encryption
Contact author(s)
alwenjo @ amazon com
dominik hartmann @ rub de
eike kiltz @ rub de
mumarta @ inf ethz ch
2021-11-06: received
Short URL
Creative Commons Attribution


      author = {Joël Alwen and Dominik Hartmann and Eike Kiltz and Marta Mularczyk},
      title = {Server-Aided Continuous Group Key Agreement},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1456},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.