Common use of Key Independence Clause in Contracts

Key Independence. We now give an informal proof that STR satisfies forward and backward secrecy, or equivalently key independence. In order to show that STR provides key independence, we only need to show that the former (prospective) member’s view of the current tree is exactly the same as the passive adversary’s view. This is because the advantage of the former (prospective) member is the same as the passive adversary, and the view of the passive adversary does not reveal any information about the group key by ▇▇▇▇▇▇▇ 3. We first consider backward secrecy, which states that a new member who knows the current group key cannot derive any previous group keys. Let Mn+1 be the new member. The sponsor for the join event changes its session random and, consequently, root key of the current key tree is changed. Therefore, the view of Mn+1 with respect to the prior key trees is exactly the same as the view of an outsider. Hence, the new member does not gain any advantage compared to a passive adversary. This argument can be easily extended to a merge of two or more groups. When a merge happens, the sponsor at the top leaf node of the largest tree changes its session random. Therefore, each member’s view on other member’s tree is exactly the same as the view of a passive adversary. This shows that the newly merged member has exactly the same advantage about any of the old key tree as a passive adversary. Now we consider forward secrecy, meaning that a passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys. Here, we consider partition and leave at the same time. ▇▇▇▇▇▇▇ ▇▇ is a former group member who left the group. Whenever subtractive event happens, the sponsor located immediately below the deepest leaving leaf node refreshes its session random, and, therefore, all keys known to leaving members will be changed accordingly. Therefore, Md’s view is exactly the same as the view of the passive adversary. This proves that STR provides decisional version of key independence.

Key Independence. We now give an informal proof that STR satisfies forward and backward secrecy, or equivalently key independence. In order to show that STR provides key independence, we only need to show that the former (prospective) member’s view of the current tree is exactly the same as the passive adversary’s view. This is because the advantage of the former (prospective) member is the same as the passive adversary, and the view of the passive adversary does not reveal any information about the group key by ▇▇▇▇▇▇▇ 3. We first consider backward secrecy, which states that a new member who knows the current group key cannot derive any previous group keys. Let Mn+1 be the new member. The sponsor for the join event changes its session random and, consequently, root key of the current key tree is changed. Therefore, the view of Mn+1 with respect to the prior key trees is exactly the same as the view of an outsider. Hence, the new member does not gain any advantage compared to a passive adversary. This argument can be easily extended to a merge of two or more groups. When a merge happens, the sponsor at the top leaf node of the largest tree changes its session random. Therefore, each member’s view on other member’s tree is exactly the same as the view of a passive adversary. This shows that the newly merged member has exactly the same advantage about any of the old key tree as a passive adversary. Now we consider forward secrecy, meaning that a passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys. Here, we consider partition and leave at the same time. ▇▇▇▇▇▇▇ ▇▇ is a former group member who left the group. Whenever subtractive event happens, the sponsor located immediately below the deepest leaving leaf node refreshes its session random, and, therefore, all keys known to leaving members will be changed accordingly. Therefore, Md’s view is exactly the same as the view of the passive adversary. This proves that STR provides decisional version of key independence.