Notice

This record is in review state, the data has not yet been validated.

Show simple item record

dc.contributor.author
Alwen, Joel
dc.contributor.author
Auerbach, Benedikt
dc.contributor.author
Noval, Miguel Cueto
dc.contributor.author
Klein, Karen
dc.contributor.author
Pascual-Perez, Guillermo
dc.contributor.author
Pietrzak, Krzyzstof
dc.date.accessioned
2024-11-24T06:42:15Z
dc.date.available
2024-11-24T06:42:15Z
dc.date.issued
2024-01-01
dc.identifier.isbn
978-3-031-71073-5
dc.identifier.isbn
978-3-031-71072-8
dc.identifier.other
10.1007/978-3-031-71073-5_14
dc.identifier.uri
http://hdl.handle.net/20.500.11850/706736
dc.description.abstract
Continuous group key agreement (CGKA) allows a group of users to maintain a continuously updated shared key in an asynchronous setting where parties only come online sporadically and their messages are relayed by an untrusted server. CGKA captures the basic primitive underlying group messaging schemes.
dc.description.abstract
Current solutions including TreeKEM ("Messaging Layer Security" (MLS) IETF RFC 9420) cannot handle concurrent requests while retaining low communication complexity. The exception being CoCoA, which is concurrent while having extremely low communication complexity (in groups of size n and for m concurrent updates the communication per user is log(n), i.e., independent of m). The main downside of CoCoA is that in groups of size n, users might have to do up to log(n) update requests to the server to ensure their (potentially corrupted) key material has been refreshed.
dc.description.abstract
In this work we present a "fast healing" concurrent CGKA protocol, named DeCAF, where users will heal after at most log(t) requests, with t being the number of corrupted users. While also suitable for the standard central-server setting, our protocol is particularly interesting for realizing decentralized group messaging, where protocol messages (add, remove, update) are being posted on some append-only data structure rather than sent to a server. In this setting, concurrency is crucial once the rate of requests exceeds, say, the rate at which new blocks are added to a blockchain.
dc.description.abstract
In the central-server setting, CoCoA (the only alternative with concurrency, sub-linear communication and basic post-compromise security) enjoys much lower download communication. However, in the decentralized setting - where there is no server which can craft specific messages for different users to reduce their download communication - our protocol significantly outperforms CoCoA. DeCAF heals in fewer epochs (log(t) vs. log(n)) while incurring a similar per epoch per user communication cost.
dc.title
DeCAF: Decentralizable CGKA with Fast Healing
dc.type
Conference Paper
ethz.journal.title
SECURITY AND CRYPTOGRAPHY FOR NETWORKS, PT II, SCN 2024
ethz.journal.volume
14974
ethz.pages.start
294
ethz.pages.end
313
ethz.event
14th International Conference on Security and Cryptography for Networks (SCN)
ethz.event.location
Amalfi
ethz.event.date
SEP 11-13, 2024
ethz.identifier.wos
ethz.date.deposited
2024-11-24T06:42:22Z
ethz.source
WOS
ethz.rosetta.exportRequired
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=DeCAF:%20Decentralizable%20CGKA%20with%20Fast%20Healing&rft.jtitle=SECURITY%20AND%20CRYPTOGRAPHY%20FOR%20NETWORKS,%20PT%20II,%20SCN%202024&rft.date=2024-01-01&rft.volume=14974&rft.spage=294&rft.epage=313&rft.au=Alwen,%20Joel&Auerbach,%20Benedikt&Noval,%20Miguel%20Cueto&Klein,%20Karen&Pascual-Perez,%20Guillermo&rft.isbn=978-3-031-71073-5&978-3-031-71072-8&rft.genre=proceeding&rft_id=info:doi/10.1007/978-3-031-71073-5_14&
 Search print copy at ETH Library

Files in this item

FilesSizeFormatOpen in viewer

There are no files associated with this item.

Publication type

Show simple item record