{"quality_controlled":"1","place":"Cham","intvolume":" 14974","author":[{"last_name":"Alwen","full_name":"Alwen, Joel F","first_name":"Joel F","id":"2A8DFA8C-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Benedikt","last_name":"Auerbach","full_name":"Auerbach, Benedikt","orcid":"0000-0002-7553-6606","id":"D33D2B18-E445-11E9-ABB7-15F4E5697425"},{"full_name":"Cueto Noval, Miguel","last_name":"Cueto Noval","first_name":"Miguel","orcid":"0000-0002-2505-4246","id":"ffc563a3-f6e0-11ea-865d-e3cce03d17cc"},{"id":"3E83A2F8-F248-11E8-B48F-1D18A9856A87","last_name":"Klein","full_name":"Klein, Karen","first_name":"Karen"},{"first_name":"Guillermo","full_name":"Pascual Perez, Guillermo","last_name":"Pascual Perez","orcid":"0000-0001-8630-415X","id":"2D7ABD02-F248-11E8-B48F-1D18A9856A87"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z","last_name":"Pietrzak","first_name":"Krzysztof Z"}],"publication_identifier":{"eissn":["1611-3349"],"eisbn":["9783031710735"],"isbn":["9783031710728"],"issn":["0302-9743"]},"_id":"18086","date_created":"2024-09-18T11:35:14Z","title":"DeCAF: Decentralizable CGKA with fast healing","month":"09","user_id":"8b945eb4-e2f2-11eb-945a-df72226e66a9","department":[{"_id":"GradSch"},{"_id":"KrPi"}],"publication_status":"published","alternative_title":["LNCS"],"article_processing_charge":"No","page":"294–313","doi":"10.1007/978-3-031-71073-5_14","volume":14974,"year":"2024","oa_version":"None","date_published":"2024-09-10T00:00:00Z","abstract":[{"lang":"eng","text":"Abstract. Continuous group key agreement (CGKA) allows a group of\r\nusers to maintain a continuously updated shared key in an asynchronous\r\nsetting where parties only come online sporadically and their messages\r\nare relayed by an untrusted server. CGKA captures the basic primitive\r\nunderlying group messaging schemes.\r\nCurrent solutions including TreeKEM (“Messaging Layer Security”\r\n(MLS) IETF RFC 9420) cannot handle concurrent requests while retaining low communication complexity. The exception being CoCoA, which\r\nis concurrent while having extremely low communication complexity (in\r\ngroups of size n and for m concurrent updates the communication per\r\nuser is log(n), i.e., independent of m). The main downside of CoCoA\r\nis that in groups of size n, users might have to do up to log(n) update\r\nrequests to the server to ensure their (potentially corrupted) key material has been refreshed.\r\nIn this work we present a “fast healing” concurrent CGKA protocol,\r\nnamed DeCAF, where users will heal after at most log(t) requests, with\r\nt being the number of corrupted users. While also suitable for the standard central-server setting, our protocol is particularly interesting for\r\nrealizing decentralized group messaging, where protocol messages (add,\r\nremove, update) are being posted on some append-only data structure\r\nrather than sent to a server. In this setting, concurrency is crucial once\r\nthe rate of requests exceeds, say, the rate at which new blocks are added\r\nto a blockchain.\r\nIn the central-server setting, CoCoA (the only alternative with concurrency, sub-linear communication and basic post-compromise security)\r\nenjoys much lower download communication. However, in the decentralized setting – where there is no server which can craft specific messages\r\nfor different users to reduce their download communication – our protocol\r\nsignificantly outperforms CoCoA. DeCAF heals in fewer epochs (log(t)\r\nvs. log(n)) while incurring a similar per epoch per user communication\r\ncost."}],"citation":{"apa":"Alwen, J. F., Auerbach, B., Cueto Noval, M., Klein, K., Pascual Perez, G., & Pietrzak, K. Z. (2024). DeCAF: Decentralizable CGKA with fast healing. In C. Galdi & D. H. Phan (Eds.), Security and Cryptography for Networks: 14th International Conference (Vol. 14974, pp. 294–313). Cham: Springer Nature. https://doi.org/10.1007/978-3-031-71073-5_14","chicago":"Alwen, Joel F, Benedikt Auerbach, Miguel Cueto Noval, Karen Klein, Guillermo Pascual Perez, and Krzysztof Z Pietrzak. “DeCAF: Decentralizable CGKA with Fast Healing.” In Security and Cryptography for Networks: 14th International Conference, edited by Clemente Galdi and Duong Hieu Phan, 14974:294–313. Cham: Springer Nature, 2024. https://doi.org/10.1007/978-3-031-71073-5_14.","ista":"Alwen JF, Auerbach B, Cueto Noval M, Klein K, Pascual Perez G, Pietrzak KZ. 2024. DeCAF: Decentralizable CGKA with fast healing. Security and Cryptography for Networks: 14th International Conference. SCN: Security and Cryptography for Networks, LNCS, vol. 14974, 294–313.","ieee":"J. F. Alwen, B. Auerbach, M. Cueto Noval, K. Klein, G. Pascual Perez, and K. Z. Pietrzak, “DeCAF: Decentralizable CGKA with fast healing,” in Security and Cryptography for Networks: 14th International Conference, Amalfi, Italy, 2024, vol. 14974, pp. 294–313.","ama":"Alwen JF, Auerbach B, Cueto Noval M, Klein K, Pascual Perez G, Pietrzak KZ. DeCAF: Decentralizable CGKA with fast healing. In: Galdi C, Phan DH, eds. Security and Cryptography for Networks: 14th International Conference. Vol 14974. Cham: Springer Nature; 2024:294–313. doi:10.1007/978-3-031-71073-5_14","mla":"Alwen, Joel F., et al. “DeCAF: Decentralizable CGKA with Fast Healing.” Security and Cryptography for Networks: 14th International Conference, edited by Clemente Galdi and Duong Hieu Phan, vol. 14974, Springer Nature, 2024, pp. 294–313, doi:10.1007/978-3-031-71073-5_14.","short":"J.F. Alwen, B. Auerbach, M. Cueto Noval, K. Klein, G. Pascual Perez, K.Z. Pietrzak, in:, C. Galdi, D.H. Phan (Eds.), Security and Cryptography for Networks: 14th International Conference, Springer Nature, Cham, 2024, pp. 294–313."},"type":"conference","language":[{"iso":"eng"}],"editor":[{"first_name":"Clemente","full_name":"Galdi, Clemente","last_name":"Galdi"},{"first_name":"Duong Hieu","last_name":"Phan","full_name":"Phan, Duong Hieu"}],"conference":{"name":"SCN: Security and Cryptography for Networks","end_date":"2024-09-13","location":"Amalfi, Italy","start_date":"2024-09-11"},"corr_author":"1","publisher":"Springer Nature","publication":"Security and Cryptography for Networks: 14th International Conference","related_material":{"record":[{"id":"18088","status":"public","relation":"dissertation_contains"}]},"date_updated":"2024-10-10T12:40:13Z","day":"10","status":"public"}