Paper 2024/1097
The Cost of Maintaining Keys in Dynamic Groups with Applications to Multicast Encryption and Group Messaging
Abstract
In this work we prove lower bounds on the (communication) cost of maintaining a shared key among a dynamic group of users. Being "dynamic'' means one can add and remove users from the group. This captures important protocols like multicast encryption (ME) and continuous group-key agreement (CGKA), which is the primitive underlying many group messaging applications. We prove our bounds in a combinatorial setting where the state of the protocol progresses in rounds. The state of the protocol in each round is captured by a set system, with each of its elements specifying a set of users who share a secret key. We show this combinatorial model implies bounds in symbolic models for ME and CGKA that capture, as building blocks, PRGs, PRFs, dual PRFs, secret sharing, and symmetric encryption in the setting of ME, and PRGs, PRFs, dual PRFs, secret sharing, public-key encryption, and key-updatable public-key encryption in the setting of CGKA. The models are related to the ones used by Micciancio and Panjwani (Eurocrypt'04) and Bienstock et al. (TCC'20) to analyze ME and CGKA, respectively. We prove - using the Bollobás' Set Pairs Inequality - that the cost (number of uploaded ciphertexts) for replacing a set of $d$ users in a group of size $n$ is $\Omega(d\ln(n/d))$. Our lower bound is asymptotically tight and both improves on a bound of $\Omega(d)$ by Bienstock et al. (TCC'20), and generalizes a result by Micciancio and Panjwani (Eurocrypt'04), who proved a lower bound of $\Omega(\log(n))$ for $d=1$.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in TCC 2024
- DOI
- 10.1007/978-3-031-78011-0_14
- Keywords
- group messagingcontinuous group key agreementCGKAmulticast encryptionlower bound
- Contact author(s)
-
michael anastos @ ista ac at
benedikt auerbach @ pqshield com
mbaig @ ista ac at
mcuetono @ ista ac at
matthew kwan @ ista ac at
gpasper @ proton me
pietrzak @ ista ac at - History
- 2024-12-09: revised
- 2024-07-05: received
- See all versions
- Short URL
- https://ia.cr/2024/1097
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1097, author = {Michael Anastos and Benedikt Auerbach and Mirza Ahad Baig and Miguel Cueto Noval and Matthew Kwan and Guillermo Pascual-Perez and Krzysztof Pietrzak}, title = {The Cost of Maintaining Keys in Dynamic Groups with Applications to Multicast Encryption and Group Messaging}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1097}, year = {2024}, doi = {10.1007/978-3-031-78011-0_14}, url = {https://eprint.iacr.org/2024/1097} }