Paper 2022/1411

Cryptographic Administration for Secure Group Messaging

David Balbás, IMDEA Software Institute, Universidad Politécnica de Madrid
Daniel Collins, École Polytechnique Fédérale de Lausanne
Serge Vaudenay, École Polytechnique Fédérale de Lausanne
Abstract

Many real-world group messaging systems delegate group administration to the application level, failing to provide formal guarantees related to group membership. Taking a cryptographic approach to group administration can prevent both implementation and protocol design pitfalls that result in a loss of confidentiality and consistency for group members. In this work, we introduce a cryptographic framework for the design of group messaging protocols that offer strong security guarantees for group membership. To this end, we extend the continuous group key agreement (CGKA) paradigm used in the ongoing IETF MLS group messaging standardisation process and introduce the administrated CGKA (A-CGKA) primitive. Our primitive natively enables a subset of group members, the group admins, to control the addition and removal of parties and to update their own keying material in a secure manner. We embed A-CGKA with a novel correctness notion which provides guarantees for group evolution and consistency, and a security model that prevents even corrupted (non-admin) members from forging messages that add new users to a group. Moreover, we present two efficient and modular constructions of group administrators that are correct and secure with respect to our definitions. Finally, we propose, implement, and benchmark an efficient extension of MLS that integrates cryptographic administrators. Our constructions admit little overhead over running a CGKA and can be extended to support advanced admin functionalities.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. USENIX Security 2023
Keywords
Secure MessagingGroup MessagingGroup AdministratorsMLSCGKA
Contact author(s)
david balbas @ imdea org
daniel collins @ epfl ch
serge vaudenay @ epfl ch
History
2023-08-07: revised
2022-10-18: received
See all versions
Short URL
https://ia.cr/2022/1411
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1411,
      author = {David Balbás and Daniel Collins and Serge Vaudenay},
      title = {Cryptographic Administration for Secure Group Messaging},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1411},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1411}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.