Fork-resilient continuous group key agreement
J Alwen, M Mularczyk, Y Tselekounis - Annual International Cryptology …, 2023 - Springer
Abstract Continuous Group Key Agreement (CGKA) lets an evolving group of clients agree
on a sequence of group keys. An important application of CGKA is scalable end-to-end …
on a sequence of group keys. An important application of CGKA is scalable end-to-end …
On the insider security of MLS
J Alwen, D Jost, M Mularczyk - Annual International Cryptology …, 2022 - Springer
Abstract The Messaging Layer Security (MLS) protocol is an open standard for end-to-end
(E2E) secure group messaging being developed by the IETF, poised for deployment to …
(E2E) secure group messaging being developed by the IETF, poised for deployment to …
Cryptographic administration for secure group messaging
Many real-world group messaging systems delegate group administration to the application
level, failing to provide formal guarantees related to group membership. Taking a …
level, failing to provide formal guarantees related to group membership. Taking a …
Device-oriented group messaging: a formal cryptographic analysis of matrix'core
Focusing on its cryptographic core, we provide the first formal description of the Matrix
secure group messaging protocol. Observing that no existing secure messaging model in …
secure group messaging protocol. Observing that no existing secure messaging model in …
WhatsUpp with sender keys? Analysis, improvements and security proofs
Developing end-to-end encrypted instant messaging solutions for group conversations is an
ongoing challenge that has garnered significant attention from practitioners and the …
ongoing challenge that has garnered significant attention from practitioners and the …
On secure ratcheting with immediate decryption
J Pijnenburg, B Poettering - International Conference on the Theory and …, 2022 - Springer
Ratcheting protocols let parties securely exchange messages in environments in which state
exposure attacks are anticipated. While, unavoidably, some promises on confidentiality and …
exposure attacks are anticipated. While, unavoidably, some promises on confidentiality and …
On the worst-case inefficiency of CGKA
Abstract Continuous Group Key Agreement (CGKA) is the basis of modern Secure Group
Messaging (SGM) protocols. At a high level, a CGKA protocol enables a group of users to …
Messaging (SGM) protocols. At a high level, a CGKA protocol enables a group of users to …
Strongly anonymous ratcheted key exchange
Anonymity is an (abstract) security goal that is especially important to threatened user
groups. Therefore, widely deployed communication protocols implement various measures …
groups. Therefore, widely deployed communication protocols implement various measures …
How to hide MetaData in MLS-like secure group messaging: simple, modular, and post-quantum
Secure group messaging (SGM) protocols allow large groups of users to communicate in a
secure and asynchronous manner. In recent years, continuous group key agreements …
secure and asynchronous manner. In recent years, continuous group key agreements …
DeCAF: decentralizable continuous group key agreement with fast healing
J Alwen, B Auerbach, MC Noval, K Klein… - Cryptology ePrint …, 2022 - eprint.iacr.org
Continuous group key agreement (CGKA) allows a group of users to maintain a
continuously updated shared key in an asynchronous setting where parties only come …
continuously updated shared key in an asynchronous setting where parties only come …