Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key AgreementJuly 16th, 2020
FiledJuly 16th, 2020Abstract. While messaging systems with strong security guarantees are widely used in practice, de- signing a protocol that scales efficiently to large groups and enjoys similar security guarantees remains largely open. The two existing proposals to date are ART (Cohn-Gordon et al., CCS18) and TreeKEM (IETF, The Messaging Layer Security Protocol, draft). ART enjoys a security proof, albeit with a superexponential bound, and is not dynamic enough for practical purposes. TreeKEM has not been proven secure at this point and can suffer some efficiency issues due to dynamic group operations (i.e. adding and removing users).