[Resource Topic] 2022/1411: Cryptographic Administration for Secure Group Messaging

Welcome to the resource topic for 2022/1411

Title:
Cryptographic Administration for Secure Group Messaging

Authors: David Balbás, Daniel Collins, Serge Vaudenay

Abstract:

Many real-world group messaging systems delegate group administration to the application level, failing to provide formal guarantees related to group membership.
Taking a cryptographic approach to group administration can prevent both implementation and protocol design pitfalls that result in a loss of confidentiality and consistency for group members.

In this work, we introduce a cryptographic framework for the design of group messaging protocols that offer strong security guarantees for group membership.
To this end, we extend the continuous group key agreement (CGKA) paradigm used in the ongoing IETF MLS group messaging standardisation process and introduce the administrated CGKA (A-CGKA) primitive.
Our primitive natively enables a subset of group members, the group admins, to control the addition and removal of parties and to update their own keying material in a secure manner.
We embed A-CGKA with a novel correctness notion which provides guarantees for group evolution and consistency, and a security model that prevents even corrupted (non-admin) members from forging messages that add new users to a group.
Moreover, we present two efficient and modular constructions of group administrators that are correct and secure with respect to our definitions.
Finally, we propose, implement, and benchmark an efficient extension of MLS that integrates cryptographic administrators.
Our constructions admit little overhead over running a CGKA and can be extended to support advanced admin functionalities.

ePrint: https://eprint.iacr.org/2022/1411

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .