Common use of Decentralized Group Key Distribution Protocols Clause in Contracts

Decentralized Group Key Distribution Protocols. Decentralized group key distribution (DGKD) protocols involve dynamically selecting a group member who generates and distributes keys to other group members. After subtractive membership events, individual partitions can continue operation by electing a new key server. The drawback is that a key server must establish long-term pairwise secure channels (by making use of public key cryptosystem such as Xxxxxx-Xxxxxxx) with all current group members in order to distribute group keys. Consequently, each time a new key server comes into play, significant costs must be incurred to set up these channels. Another disadvantage is the reliance on a single entity to generate good (i.e., cryptographically strong and random) keys. First DGKD protocol is due to Xxxxxxxxx et al. [16]. They propose efficient protocols for small-group key agree- ment and large-group key distribution. Unfortunately, their scheme for autonomous small group key agreement is insecure (not collusion resistant). Xxxxxxx et al. modified OFT (One-way Function Tree) [24] to provide dynamic server election [18]. This protocol has the same key tree structure and uses the notations (e.g. keys, blinded keys) similar to ours. Other than expensive maintenance of secure channels described above, this protocol has a high communication cost: even for single join and leave, this protocol can take rounds. This scheme does not handle merge and partition event. One advantage different from other DGKD protocols is that their group key has a contributory nature: whenever a group member changes its session random, the group key changes. Xxxxx et al. [30] propose a DGKD protocol derived from the LKH protocol [37]. It tolerates network partitions and other network events. Even though this approach does not avoid the disadvantages discussed above, it reduces the communication and computational costs. In addition, it uses AVL tree to provide provable tree height bound.

Decentralized Group Key Distribution Protocols. Decentralized group key distribution (DGKD) protocols involve dynamically selecting a group member who generates and distributes keys to other group members. After subtractive membership events, individual partitions can continue operation by electing a new key server. The drawback is that a key server must establish long-term pairwise secure channels (by making use of public key cryptosystem such as Xxxxxx-Xxxxxxx) with all current group members in order to distribute group keys. Consequently, each time a new key server comes into play, significant costs must be incurred to set up these channels. Another disadvantage is the reliance on a single entity to generate good (i.e., cryptographically strong and random) keys. First DGKD protocol is due to Xxxxxxxxx et al. [1614]. They propose efficient protocols for small-group key agree- ment and large-group key distribution. Unfortunately, their scheme for autonomous small group key agreement is insecure (not collusion resistant). Xxxxxxx et al. modified OFT (One-way Function Tree) [2422] to provide dynamic server election [1816]. This protocol has the same key tree structure and uses the notations (e.g. keys, blinded keys) similar to ours. Other than expensive maintenance of secure channels described above, this protocol has a high communication cost: even for single join and leave, this protocol can take O(h) rounds. This scheme does not handle merge and partition event. One advantage different from other DGKD protocols is that their group key has a contributory nature: whenever a group member changes its session random, the group key changes. Xxxxx Rodeh et al. [3028] propose a DGKD protocol derived from the LKH protocol [3735]. It tolerates network partitions and other network events. Even though this approach does not avoid the disadvantages discussed above, it reduces the communication and computational costs. In addition, it uses AVL tree to provide provable tree height bound.