Continuous Group Key Agreement with Flexible Authorization and Its ApplicationsContinuous Group Key Agreement • December 20th, 2022
Let the advantage be Advcma( ) that an adversary wins the existentially unforgeable game against chosen message attack (EUF-CMA). Briefly, an ad- versary is allowed to access the signing oracle for any massage as in the usual EUF-CMA definition. In addition, the adversary calls the update oracle that updates the current key (precisely outputs an update message), and calls the corrupt oracle that returns the current signing key. The adversary outputting a pair of message and signature wins if they are valid under the current verification key, the signature is not an output of the signing oracle with the message, and the adversary has at least once used an update message returned by the update
Continuous Group Key Agreement with Active SecurityContinuous Group Key Agreement • September 28th, 2020
Abstract. A continuous group key agreement (CGKA) protocol allows a long-lived group of parties to agree on a continuous stream of fresh secret key material. CGKA protocols allow parties to join and leave mid-session but may neither rely on special group managers, trusted third parties, nor on any assumptions about if, when, or for how long members are online. CGKA captures the core of an emerging generation of highly practical end-to-end secure group messaging (SGM) protocols.
Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key AgreementContinuous Group Key Agreement • September 26th, 2013
This work focuses on improving the efficiency of existing Continuous Group Key Agreement (CGKA) protocols, underlying efficient secure group messaging. In particular, it builds on TreeKEM, the proto- col by the IETF working group on Message Layer Security (MLS). We formalize and analyze a modification named Tainted TreeKEM (TTKEM).
Coffee: Fast Healing Concurrent Continuous Group Key Agreement for Decentralized Group MessagingContinuous Group Key Agreement • September 24th, 2014
Continuous group key agreement (CGKA) allows a group of users to maintain a continuously updated shared key in an asynchronous setting where parties only come online sporadically and their messages are relayed by an untrusted server. CGKA captures the basic primitive underlying group messaging schemes.
Continuous Group Key Agreement with Active SecurityContinuous Group Key Agreement • June 18th, 2020
In our paper, we formally have defined optimal security for continuous group key agreement (CGKA) schemes. We considered two settings: First, the passive setting, where the adversary cannot tamper or inject messages but — in contrast to previous work — can freely reorder and drop messages without being confined to a global order thereof. Second, we considered the active setting, where the adversary fully controls the network and thus, using a party’s exposed state, can impersonate that party.
Fork-Resilient Continuous Group Key AgreementContinuous Group Key Agreement • March 19th, 2023
A major problem preventing the use of CGKA over unreliable infrastructure are so-called forks. A fork occurs when group members have diverging views of the group’s history (and thus its current state); e.g. due to network or server failures. Once communication channels are restored, members resolve a fork by agreeing on the state of the group again. Today’s CGKA protocols make fork resolution challenging, as natural resolution strategies seem to conflict with the way the protocols enforce group state agreement and forward secrecy. Meanwhile, secure group messaging protocols which do support fork resolution do not scale nearly as well as CGKA does.
