A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs

Hashimoto, Keitaro; Katsumata, Shuichi; Postlethwaite, Eamonn W.; Prest, Thomas; Westerbaan, Bas

doi:10.1145/3460120.3484817

Cited by 14 publications

(1 citation statement)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Analyzing the Signal protocol is still an ongoing research area, e.g., [5,6]. In addition to two-party messaging, secure group messaging (SGM) protocols also have been proposed [7][8][9][10][11][12][13][14].…”

Section: Introduction 1backgroundmentioning

confidence: 99%

Providing Membership Privacy to the Asynchronous Ratcheting Trees Protocol without losing Scalability

Emura¹,

Kajita²,

Nojima³

et al. 2022

JOWUA

View full text Add to dashboard Cite

A secure messaging protocol, such as the Signal protocol, provides end-to-end encrypted asynchronous communication. This paper focuses on a secure group messaging (SGM) protocol, and proposes a method capable of hiding membership information from the viewpoint of non group members, which we call “membership privacy”. In this work, we add membership privacy to the Asynchronous Ratcheting Trees (ART) protocol (proposed by Cohn-Gordon et al., (ACM CCS 2018)). For hiding membership-related values in the setup phase, we employ a key-private and robust publickey encryption (Abdalla et al., TCC2010/JoC2018). Moreover, we introduce a group common key to encrypt membership information in the key update phase. Our modification achieves asymptotically the same efficiency of the ART protocol in the setup phase. Any additional cost for key update does not depend on the number of group members. Therefore, the proposed protocol can add membership privacy to the ART protocol with a quite small overhead. Specifically, one encryption and decryption of a symmetric-key encryption scheme and one execution of a key-derivation function for each key update are employed. Finally, we discuss how to extend our protocol to provide sender-specific authentication, dynamic groups, group-size hiding, and how to adopt our technique to the Messaging Layer Security (MLS) protocol. We note that, although Chase et al. (ACM CCS 2020) have considered the same notion, their proposal is an extension of Signal so called “Pairwise Signal” where a group message is repeatedly sent over individual Signal channels. Thus their protocol is not scalable.

show abstract