MKA Security with Group Manager FS and Eventual PCS Sample Clauses

MKA Security with Group Manager FS and Eventual PCS. To obtain security with respect to group manager corruptions, in addition to the security captured by user-mult, we create a new security game mgr-mult, in which we add to the user-mult game an additional 12 Note that 12.5% is the threshold such that the group size does not approach zero in expectation, as the number of operations 10 · 2i is 20 times more than the initial group size 2i−1 and thus the difference between the probabilities of Remove and Add operations needs to be less than 1/20 = 5%.‌ 13 In Section 8, we also show how to retain GUS’s O(log n) computational complexity. ∈ oracle mgr-corrupt, which simply returns the secret state of the group manager to the adversary. Observe that there are now more trivial attacks which the adversary can use to win mgr-mult (e.g., corrupting the group manager and then challenging before every user has been updated or removed from the group). We therefore check a new mgr-safe predicate at the end of the game on the queries q1, . . . , qq in order to determine if the execution had any trivial attacks. In addition to that which user-safe checks for, mgr-safe also checks for every challenge epoch t∗ if the group manager was corrupted in some epoch t < t∗, and there was any ID G[t] that did not have its secrets updated by the group manager (in an operation for which the oob to ID is not corrupted), and was not removed by the group manager, after the corruption, but before t∗. mgr-corrupt(): mgr-safe(q1, . . . , qq ): return Γsec 107 for (i, j) s.t. qi = mgr-corrupt(), qj = chall(t∗) for some t∗: 108 if q2e(qi) < t∗ and ∃ID ∈ G[q2e(qi)] s.t. $l s.t. 0 < q2e(qi) < q2e(ql) ≤ t∗∧ ((ql = update-user(ID) ∧ $m s.t. qm = corrupt-oob(q2e(ql), ID)) ∨ 109 ql = remove-user(ID)): return 0 110 return user-safe(q1, . . . , qq )