Paper 2022/1411

Cryptographic Administration for Secure Group Messaging

David Balbás, IMDEA Software Institute, Universidad Politécnica de Madrid
Daniel Collins, École Polytechnique Fédérale de Lausanne
Serge Vaudenay, École Polytechnique Fédérale de Lausanne

Many real-world group messaging systems delegate group administration to the application level, failing to provide formal guarantees related to group membership. Taking a cryptographic approach to group administration can prevent both implementation and protocol design pitfalls that result in a loss of confidentiality and consistency for group members. In this work, we introduce a cryptographic framework for the design of group messaging protocols that offer strong security guarantees for group membership. To this end, we extend the continuous group key agreement (CGKA) paradigm used in the ongoing IETF MLS group messaging standardisation process and introduce the administrated CGKA (A-CGKA) primitive. Our primitive natively enables a subset of group members, the group admins, to control the addition and removal of parties and to update their own keying material in a secure manner. We embed A-CGKA with a novel correctness notion which provides guarantees for group evolution and consistency, and a security model that prevents even corrupted (non-admin) members from forging messages that add new users to a group. Moreover, we present two efficient and modular constructions of group administrators that are correct and secure with respect to our definitions. Finally, we propose, implement, and benchmark an efficient extension of MLS that integrates cryptographic administrators. Our constructions admit little overhead over running a CGKA and can be extended to support advanced admin functionalities.

Available format(s)
Cryptographic protocols
Publication info
Secure Messaging Group Messaging Group Administrators MLS CGKA
Contact author(s)
david balbas @ imdea org
daniel collins @ epfl ch
serge vaudenay @ epfl ch
2022-10-23: approved
2022-10-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Balbás and Daniel Collins and Serge Vaudenay},
      title = {Cryptographic Administration for Secure Group Messaging},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1411},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.