Continuous Group Key Agreement with Flexible Authorization and Its ApplicationsContinuous Group Key Agreement • December 20th, 2022
Let the advantage be Advcma( ) that an adversary wins the existentially unforgeable game against chosen message attack (EUF-CMA). Briefly, an ad- versary is allowed to access the signing oracle for any massage as in the usual EUF-CMA definition. In addition, the adversary calls the update oracle that updates the current key (precisely outputs an update message), and calls the corrupt oracle that returns the current signing key. The adversary outputting a pair of message and signature wins if they are valid under the current verification key, the signature is not an output of the signing oracle with the message, and the adversary has at least once used an update message returned by the update
Continuous Group Key Agreement with Active SecurityContinuous Group Key Agreement • September 28th, 2020
Abstract. A continuous group key agreement (CGKA) protocol allows a long-lived group of parties to agree on a continuous stream of fresh secret key material. CGKA protocols allow parties to join and leave mid-session but may neither rely on special group managers, trusted third parties, nor on any assumptions about if, when, or for how long members are online. CGKA captures the core of an emerging generation of highly practical end-to-end secure group messaging (SGM) protocols.
CoCoA: Concurrent Continuous Group Key AgreementContinuous Group Key Agreement • March 2nd, 2022
Continuous Group Key Agreement with Active SecurityContinuous Group Key Agreement • June 18th, 2020
In our paper, we formally have defined optimal security for continuous group key agreement (CGKA) schemes. We considered two settings: First, the passive setting, where the adversary cannot tamper or inject messages but — in contrast to previous work — can freely reorder and drop messages without being confined to a global order thereof. Second, we considered the active setting, where the adversary fully controls the network and thus, using a party’s exposed state, can impersonate that party.
