
Continuous Group Key Agreement with Flexible Authorization and Its Applications

Published: 24 April 2023

Abstract

Secure messaging (SM) protocols allow users to communicate securely over an untrusted infrastructure. Alwen et al. formally defined the key agreement protocol used in secure group messaging (SGM) as continuous group key agreement (CGKA) at CRYPTO 2020. In their CGKA protocol, all of the group members have the same rights and a trusted third party is needed. On the other hand, some SGM applications may have a user in the group who has the role of an administrator. When the administrator as the group manager (GM) is distinguished from other group members, i.e., in a one-to-many setting, it would be better for the GM and the other group members to have different authorities. We achieve this flexible authorization by incorporating a ratcheting digital signature scheme (Cremers et al. at USENIX Security 2021) into the existing CGKA protocol and demonstrate that such a simple modification allows us to provide flexible authorization. In Alwen et al.'s CGKA protocol, an external public key infrastructure (PKI) functionality as a trusted third party manages the confidential information of users, and the PKI can read all messages until all users update their own keys. In contrast, the GM in our protocol has the same role as the PKI functionality in the group, so no third party outside the group handles confidential information of users and thus no one except group members can read messages regardless of key updates. Our proposed protocol is useful in the creation of new applications such as broadcasting services.

References

[1] Joël Alwen, Benedikt Auerbach, Miguel Cueto Noval, Karen Klein, Guillermo Pascual-Perez, Krzysztof Pietrzak, and Michael Walter. 2022. CoCoA: Concurrent Continuous Group Key Agreement. In EUROCRYPT. 815–844.
[2] Joël Alwen, Sandro Coretti, and Yevgeniy Dodis. 2019. The Double Ratchet: Security Notions, Proofs, and Modularization for the Signal Protocol. In EUROCRYPT. 129–158.
[3] Joël Alwen, Sandro Coretti, Yevgeniy Dodis, and Yiannis Tselekounis. 2020. Security Analysis and Improvements for the IETF MLS Standard for Group Messaging. In CRYPTO. 248–277.
[4] Joël Alwen, Sandro Coretti, Yevgeniy Dodis, and Yiannis Tselekounis. 2021. Modular design of secure group messaging protocols and the security of MLS. In ACM CCS. 1463–1483.
[5] Joël Alwen, Dominik Hartmann, Eike Kiltz, and Marta Mularczyk. 2021. Server-aided continuous group key agreement. Cryptology ePrint Archive, Report 2021/1456 (2021).
[6] Joël Alwen, Daniel Jost, and Marta Mularczyk. 2022. On the Insider Security of MLS. In CRYPTO. 34–68.
[7] David Balbás, Collins Daniel, and Serge Vaudenay. 2022. Cryptographic Administration for Secure Group Messaging. Cryptology ePrint Archive, Report 2022/1411 (2022).
[8] Alexander Bienstock, Yevgeniy Dodis, and Yi Tang. 2022. Multicast Key Agreement, Revisited. In CT-RSA. 1–25.
[9] Alexander Bienstock, Jaiden Fairoze, Sanjam Garg, Pratyay Mukherjee, and Srinivasan Raghuraman. 2022. A More Complete Analysis of the Signal Double Ratchet Algorithm. In CRYPTO. 782–811.
[10] Nikita Borisov, Ian Goldberg, and Eric Brewer. 2004. Off-the-record communication, or, why not to use PGP. In WPES. 77–84.
[11] Melissa Chase, Trevor Perrin, and Greg Zaverucha. 2020. The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption. In ACM CCS. 1445–1459.
[12] Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt, and Douglas Stebila. 2017. A Formal Security Analysis of the Signal Messaging Protocol. In IEEE EuroS&P. 451–466.
[13] Cas Cremers, Britta Hale, and Konrad Kohbrok. 2021. The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects Matter. In USENIX Security. 1847–1864.
[14] Yevgeniy Dodis and Nelly Fazio. 2002. Public key broadcast encryption for stateless receivers. In ACM DRM. 61–80.
[15] Keita Emura, Kaisei Kajita, Ryo Nojima, Kazuto Ogawa, and Go Ohtake. 2022. Membership privacy for asynchronous group messaging. In WISA. 131–142.
[16] Amos Fiat and Moni Naor. 1993. Broadcast encryption. In CRYPTO. 480–491.
[17] Keitaro Hashimoto, Shuichi Katsumata, Kris Kwiatkowski, and Thomas Prest. 2021. An Efficient and Generic Construction for Signal's Handshake (X3DH): Post-Quantum, State Leakage Secure, and Deniable. In Public-Key Cryptography. 410–440.
[18] Keitaro Hashimoto, Shuichi Katsumata, Eamonn Postlethwaite, Thomas Prest, and Bas Westerbaan. 2021. A concrete treatment of efficient continuous group key agreement via multi-recipient PKEs. In ACM CCS. 1441–1462.
[19] Don Johnson, Menezes Alfred, and Vanstone Scott. 2001. The elliptic curve digital signature algorithm (ECDSA). International journal of information security 1.1 (2001), 36–63.
[20] Karen Klein, Guillermo Pascual-Perez, Michael Walter, Chethan Kamath, Margarita Capretto, Miguel Cueto, Ilia Markov, Michelle Yeo, Joël Alwen, and Krzysztof Pietrzak. 2021. Keep the dirt: Tainted treekem, adaptively and actively secure continuous group key agreement. In IEEE S&P. 268–284.
[21] T. Perrin M. Marlinspike. 2016. The Signal Protocol. Technical Report. Working Draft, Tech. Rep., November 2016. https://signal.org/docs/specifications.
[22] Kazuto Ogawa, Goichiro Hanaoka, and Hideki Imai. 2007. Traitor tracing scheme secure against adaptive key exposure and its application to anywhere TV service. IEICE transactions on fundamentals of electronics, communications and computer sciences 90, 5 (2007), 1000–1011.
[23] Nick Sullivan and Sean Turner. 2018. Message layer security (MLS) working group. https://datatracker.ietf.org/wg/mls/about/.
[24] Nihal Vatandas, Rosario Gennaro, Bertrand Ithurburn, and Hugo Krawczyk. 2020. On the Cryptographic Deniability of the Signal Protocol. In ACNS. 188–209.
[25] Matthew Weidner. 2019. Group messaging for secure asynchronous collaboration. Ph.D. Dissertation. Ph. D. thesis, MPhil dissertation.

    Published In

    IWSPA '23: Proceedings of the 9th ACM International Workshop on Security and Privacy Analytics
    April 2023
    107 pages
    ISBN:9798400700996
    DOI:10.1145/3579987
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. continuous group key agreement
    2. ratcheting digital signature
    3. secure group messaging

    Qualifiers

    • Research-article

    Conference

    CODASPY '23
    Acceptance Rates

    Overall Acceptance Rate 18 of 58 submissions, 31%
