Open Access • Posted Content
Continuous Group Key Agreement with Active Security.
TL;DR: This work presents what its authors believe to be the first security notions for CGKA that formulate meaningful guarantees against powerful adversaries, and proves each scheme optimally secure, in the sense that the only security violations possible are those necessarily implied by correctness.
Abstract: A continuous group key agreement (CGKA) protocol allows a long-lived group of parties to agree on a continuous stream of fresh secret key material. CGKA protocols allow parties to join and leave mid-session but may neither rely on special group managers, trusted third parties, nor on any assumptions about if, when, or for how long members are online. CGKA captures the core of an emerging generation of highly practical end-to-end secure group messaging (SGM) protocols.
Citations
Modular Design of Secure Group Messaging Protocols and the Security of MLS
Joël Alwen, Sandro Coretti, Yevgeniy Dodis, Yiannis Tselekounis
- 12 Nov 2021
TL;DR: In this article, the authors formally capture the security of the full Messaging Layer Security (MLS) protocol by defining a corresponding security game, which is parametrized by a safety predicate that characterizes the exact level of security achieved by a construction.
On the Price of Concurrency in Group Ratcheting Protocols
Alexander Bienstock, Yevgeniy Dodis, Paul Rösler
- 16 Nov 2020
TL;DR: This work formally studies the trade-off between PCS, concurrency, and communication overhead in the context of group ratcheting, and proves an almost matching upper bound of O(t·(1+log(n/t))), which smoothly increases from O(log n) with no concurrency to O(n) with unbounded concurrency.
Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement
Karen Klein, Guillermo Pascual-Perez, Michael Walter, Chethan Kamath, Margarita Capretto, Miguel Cueto, Ilia Markov, Michelle Yeo, Joël Alwen, Krzysztof Pietrzak
- 23 May 2021
TL;DR: In this article, the authors formalize and analyze a variant of TreeKEM called Tainted TreeKEM (TTKEM for short), which is more efficient than the original TreeKEM for some natural distributions of group operations.
CoCoA: Concurrent Continuous Group Key Agreement
Joël Alwen, Benedikt Auerbach, Miguel Cueto Noval, Karen Klein, Guillermo Pascual-Perez, Krzysztof Pietrzak, Michael Walter
TL;DR: CoCoA is proposed, a new scheme that allows for T concurrent updates that are neither damaging nor costly, that is, they add no cost to future operations yet they only require Ω(log(n)) communication per user.
•Posted Content
On The Insider Security of MLS.
TL;DR: This work isolates the core components of MLS to obtain a CGKA protocol the authors dub Insider Secure TreeKEM (ITK), and gives a rigorous security proof for ITK, which starts the study of insider secure CGKA and group messaging protocols.
References
•Proceedings Article
How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority
Oded Goldreich, Silvio Micali, Avi Wigderson
- 01 Jan 1987
How to play ANY mental game
Oded Goldreich, Silvio Micali, Avi Wigderson
- 01 Jan 1987
TL;DR: This work presents a polynomial-time algorithm that, given as input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no partial information, provided the majority of the players is honest.
Universally composable security: a new paradigm for cryptographic protocols
Ran Canetti
- 14 Oct 2001
TL;DR: The notion of universally composable security was introduced in this paper for defining security of cryptographic protocols, which guarantees security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of a system.
Hierarchical ID-Based Cryptography
Craig Gentry, Alice Silverberg
- 01 Dec 2002
TL;DR: In this article, the authors presented hierarchical identity-based encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear Diffie-Hellman problem.
Secure group communications using key graphs
Chung Kei Wong, Mohamed G. Gouda, Simon S. Lam
- 01 Oct 1998
TL;DR: It is shown that the group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves, and the average measured processing time per join/leave increases linearly with the logarithm of group size.