Common use of Group Key Secrecy Clause in Contracts

Group Key Secrecy. Before considering group key secrecy, we briefly examine key fresh- ness. Every group key is fresh, since at least one member in the group generates a new random key share for every membership change.5 The probability that new group key is the same as any old group key is negligible due to bijectiveness of function. We note that the root (group) key is never used directly for the purposes of encryption, authentication or integrity. Instead, special-purpose sub-keys are derived from the this key, e.g., by applying a cryptographically secure hash function, i.e. is used for such applications. As discussed in Section II-D, decisional group key secrecy is more meaningful if sub-keys are derived from a group key. Decisional group key secrecy of STR protocol is related to imbalanced tree decision Xxxxxx-Xxxxxxx assumption mentioned in Section B. This assumption ensures that there is no information leakage other than public bkey information. We can also derive the sub-keys based on the Xxxxx’x hedge technique [26] as follows: Compute the key as: where is a random oracle. 4In fact, it need not broadcast unchanged bkeys, . 5Recall that insider attacks are not our concern. This excludes the case when an insider intentionally generates non-random numbers. It follows that, in addition to the security in the standard model based on imbalanced Tree Decision Xxxxxx-Xxxxxxx assumption, the derived key is also secure in the random oracle model [6] based on the imbalanced Tree Computational Xxxxxx-Xxxxxxx assumption.

Group Key Secrecy. Before considering group key secrecy, we briefly examine key fresh- ness. Every group key is fresh, since at least one member in the group generates a new random key share for every membership change.5 The probability that new group key is the same as any old group key is negligible due to bijectiveness of (f ◦ g) function. We note that the root (group) key is never used directly for the purposes of encryption, authentication or integrity. Instead, special-purpose sub-keys are derived from the this key, e.g., by applying a cryptographically secure hash function, i.e. H(group key) is used for such applications. As discussed in Section II-D, decisional group key secrecy is more meaningful if sub-keys are derived from a group key. Decisional group key secrecy of STR protocol is related to imbalanced tree decision Xxxxxx-Xxxxxxx assumption mentioned in Section B. This assumption ensures that there is no information leakage other than public bkey information. We can also derive the sub-keys based on the Xxxxx’x hedge technique [26] as follows: Compute the key as: H(group key) ⊕ H(group key) where H is a random oracle. 4In fact, it need not broadcast unchanged bkeys, {bk1, bk2, bk3}. 5Recall that insider attacks are not our concern. This excludes the case when an insider intentionally generates non-random numbers. It follows that, in addition to the security in the standard model based on imbalanced Tree Decision Xxxxxx-Xxxxxxx assumption, the derived key is also secure in the random oracle model [6] based on the imbalanced Tree Computational Xxxxxx-Xxxxxxx assumption.

Group Key Secrecy. Before considering group key secrecy, we briefly examine key fresh- ness. Every group key is fresh, since at least one member in the group generates a new random key share for every membership change.5 The probability that new group key is the same as any old group key is negligible due to bijectiveness of (f ◦ g) function. We note that the root (group) key is never used directly for the purposes of encryption, authentication or integrity. Instead, special-purpose sub-keys are derived from the this key, e.g., by applying a cryptographically secure hash function, i.e. H(group key) is used for such applications. As discussed in Section II-D, decisional group key secrecy is more meaningful if sub-keys are derived from a group key. Decisional group key secrecy of STR protocol is related to imbalanced tree decision Xxxxxx-Xxxxxxx assumption mentioned in Section B. This assumption ensures that there is no information leakage other than public bkey information. We can also derive the sub-keys based on the Xxxxx’x hedge technique [26] as follows: Compute the key as: H(group key) ⊕ H(group key) where H is a random oracle. 4In fact, it need not broadcast unchanged bkeys, {bk1 , bk2 , bk3 }. 5Recall that insider attacks are not our concern. This excludes the case when an insider intentionally generates non-random numbers. It follows that, in addition to the security in the standard model based on imbalanced Tree Decision Xxxxxx-Xxxxxxx assumption, the derived key is also secure in the random oracle model [6] based on the imbalanced Tree Computational Xxxxxx-Xxxxxxx assumption.