International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

The Cost of Maintaining Keys in Dynamic Groups with Applications to Multicast Encryption and Group Messaging

Authors:
Michael Anastos , ISTA
Benedikt Auerbach , PQShield
Mirza Ahad Baig , ISTA
Miguel Cueto Noval , ISTA
Matthew Kwan , ISTA
Guillermo Pascual-Perez , ISTA
Krzysztof Pietrzak , ISTA
Download:
Search ePrint
Search Google
Conference: TCC 2024
Abstract: In this work we prove lower bounds on the (communication) cost of maintaining a shared key among a dynamic group of users. Being ``dynamic'' means one can add and remove users from the group. This captures important protocols like multicast encryption (ME) and continuous group-key agreement (CGKA), which is the primitive underlying many group messaging applications. We prove our bounds in a combinatorial setting where the state of the protocol progresses in rounds. The state of the protocol in each round is captured by a set system, with each of its elements specifying a set of users who share a secret key. We show this combinatorial model implies bounds in symbolic models for ME and CGKA that capture, as building blocks, PRGs, PRFs, dual PRFs, secret sharing, and symmetric encryption in the setting of ME, and PRGs, PRFs, dual PRFs, secret sharing, public-key encryption, and key-updatable public-key encryption in the setting of CGKA. The models are related to the ones used by Micciancio and Panjwani (Eurocrypt'04) and Bienstock et al. (TCC'20) to analyze ME and CGKA, respectively. We prove -- using the Bollobas' Set Pairs Inequality -- that the cost (number of uploaded ciphertexts) for replacing a set of d users in a group of size n is \Omega(d*\ln(n/d)). Our lower bound is asymptotically tight and both improves on a bound of \Omega(d) by Bienstock et al. (TCC'20), and generalizes a result by Micciancio and Panjwani (Eurocrypt'04), who proved a lower bound of \Omega(\log(n)) for d=1.
BibTeX
@inproceedings{tcc-2024-34777,
  title={The Cost of Maintaining Keys in Dynamic Groups with Applications to Multicast Encryption and Group Messaging},
  publisher={Springer-Verlag},
  author={Michael Anastos and Benedikt Auerbach and Mirza Ahad Baig and Miguel Cueto Noval and Matthew Kwan and Guillermo Pascual-Perez and Krzysztof Pietrzak},
  year=2024
}