---
_id: '18086'
abstract:
- lang: eng
  text: "Abstract. Continuous group key agreement (CGKA) allows a group of\r\nusers
    to maintain a continuously updated shared key in an asynchronous\r\nsetting where
    parties only come online sporadically and their messages\r\nare relayed by an
    untrusted server. CGKA captures the basic primitive\r\nunderlying group messaging
    schemes.\r\nCurrent solutions including TreeKEM (“Messaging Layer Security”\r\n(MLS)
    IETF RFC 9420) cannot handle concurrent requests while retaining low communication
    complexity. The exception being CoCoA, which\r\nis concurrent while having extremely
    low communication complexity (in\r\ngroups of size n and for m concurrent updates
    the communication per\r\nuser is log(n), i.e., independent of m). The main downside
    of CoCoA\r\nis that in groups of size n, users might have to do up to log(n) update\r\nrequests
    to the server to ensure their (potentially corrupted) key material has been refreshed.\r\nIn
    this work we present a “fast healing” concurrent CGKA protocol,\r\nnamed DeCAF,
    where users will heal after at most log(t) requests, with\r\nt being the number
    of corrupted users. While also suitable for the standard central-server setting,
    our protocol is particularly interesting for\r\nrealizing decentralized group
    messaging, where protocol messages (add,\r\nremove, update) are being posted on
    some append-only data structure\r\nrather than sent to a server. In this setting,
    concurrency is crucial once\r\nthe rate of requests exceeds, say, the rate at
    which new blocks are added\r\nto a blockchain.\r\nIn the central-server setting,
    CoCoA (the only alternative with concurrency, sub-linear communication and basic
    post-compromise security)\r\nenjoys much lower download communication. However,
    in the decentralized setting – where there is no server which can craft specific
    messages\r\nfor different users to reduce their download communication – our protocol\r\nsignificantly
    outperforms CoCoA. DeCAF heals in fewer epochs (log(t)\r\nvs. log(n)) while incurring
    a similar per epoch per user communication\r\ncost."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Benedikt
  full_name: Auerbach, Benedikt
  id: D33D2B18-E445-11E9-ABB7-15F4E5697425
  last_name: Auerbach
  orcid: 0000-0002-7553-6606
- first_name: Miguel
  full_name: Cueto Noval, Miguel
  id: ffc563a3-f6e0-11ea-865d-e3cce03d17cc
  last_name: Cueto Noval
  orcid: 0000-0002-2505-4246
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Guillermo
  full_name: Pascual Perez, Guillermo
  id: 2D7ABD02-F248-11E8-B48F-1D18A9856A87
  last_name: Pascual Perez
  orcid: 0000-0001-8630-415X
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Alwen JF, Auerbach B, Cueto Noval M, Klein K, Pascual Perez G, Pietrzak KZ.
    DeCAF: Decentralizable CGKA with fast healing. In: Galdi C, Phan DH, eds. <i>Security
    and Cryptography for Networks: 14th International Conference</i>. Vol 14974. Cham:
    Springer Nature; 2024:294–313. doi:<a href="https://doi.org/10.1007/978-3-031-71073-5_14">10.1007/978-3-031-71073-5_14</a>'
  apa: 'Alwen, J. F., Auerbach, B., Cueto Noval, M., Klein, K., Pascual Perez, G.,
    &#38; Pietrzak, K. Z. (2024). DeCAF: Decentralizable CGKA with fast healing. In
    C. Galdi &#38; D. H. Phan (Eds.), <i>Security and Cryptography for Networks: 14th
    International Conference</i> (Vol. 14974, pp. 294–313). Cham: Springer Nature.
    <a href="https://doi.org/10.1007/978-3-031-71073-5_14">https://doi.org/10.1007/978-3-031-71073-5_14</a>'
  chicago: 'Alwen, Joel F, Benedikt Auerbach, Miguel Cueto Noval, Karen Klein, Guillermo
    Pascual Perez, and Krzysztof Z Pietrzak. “DeCAF: Decentralizable CGKA with Fast
    Healing.” In <i>Security and Cryptography for Networks: 14th International Conference</i>,
    edited by Clemente Galdi and Duong Hieu Phan, 14974:294–313. Cham: Springer Nature,
    2024. <a href="https://doi.org/10.1007/978-3-031-71073-5_14">https://doi.org/10.1007/978-3-031-71073-5_14</a>.'
  ieee: 'J. F. Alwen, B. Auerbach, M. Cueto Noval, K. Klein, G. Pascual Perez, and
    K. Z. Pietrzak, “DeCAF: Decentralizable CGKA with fast healing,” in <i>Security
    and Cryptography for Networks: 14th International Conference</i>, Amalfi, Italy,
    2024, vol. 14974, pp. 294–313.'
  ista: 'Alwen JF, Auerbach B, Cueto Noval M, Klein K, Pascual Perez G, Pietrzak KZ.
    2024. DeCAF: Decentralizable CGKA with fast healing. Security and Cryptography
    for Networks: 14th International Conference. SCN: Security and Cryptography for
    Networks, LNCS, vol. 14974, 294–313.'
  mla: 'Alwen, Joel F., et al. “DeCAF: Decentralizable CGKA with Fast Healing.” <i>Security
    and Cryptography for Networks: 14th International Conference</i>, edited by Clemente
    Galdi and Duong Hieu Phan, vol. 14974, Springer Nature, 2024, pp. 294–313, doi:<a
    href="https://doi.org/10.1007/978-3-031-71073-5_14">10.1007/978-3-031-71073-5_14</a>.'
  short: 'J.F. Alwen, B. Auerbach, M. Cueto Noval, K. Klein, G. Pascual Perez, K.Z.
    Pietrzak, in:, C. Galdi, D.H. Phan (Eds.), Security and Cryptography for Networks:
    14th International Conference, Springer Nature, Cham, 2024, pp. 294–313.'
conference:
  end_date: 2024-09-13
  location: Amalfi, Italy
  name: 'SCN: Security and Cryptography for Networks'
  start_date: 2024-09-11
corr_author: '1'
date_created: 2024-09-18T11:35:14Z
date_published: 2024-09-10T00:00:00Z
date_updated: 2026-04-07T13:01:26Z
day: '10'
department:
- _id: GradSch
- _id: KrPi
doi: 10.1007/978-3-031-71073-5_14
editor:
- first_name: Clemente
  full_name: Galdi, Clemente
  last_name: Galdi
- first_name: Duong Hieu
  full_name: Phan, Duong Hieu
  last_name: Phan
external_id:
  isi:
  - '001330408000014'
intvolume: '     14974'
isi: 1
language:
- iso: eng
month: '09'
oa_version: None
page: 294–313
place: Cham
publication: 'Security and Cryptography for Networks: 14th International Conference'
publication_identifier:
  eisbn:
  - '9783031710735'
  eissn:
  - 1611-3349
  isbn:
  - '9783031710728'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '18088'
    relation: dissertation_contains
    status: public
status: public
title: 'DeCAF: Decentralizable CGKA with fast healing'
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 14974
year: '2024'
...