Download presentation
Presentation is loading. Please wait.
Published byDarcy Richards Modified over 9 years ago
1
Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson
2
Outline Algorithm Join: a new member is added to the group Merge: a subgroup is added to the group Leave:a member is removed from the group Partition: a subgroup is split from the group Key Refresh:The group key is updated Tree Management
3
Algorithm Each member note is a Leaf in the tree, and is connected by an intermediate node. for each member, there is a public (blinded) key and a private key the public key would be calculated by using a modular function such as Diffie-Hellman public key = f( private key ) for each pair of nodes connected by an intermediate node, a given member can calculate a key for the intermediate node by using that member's key and the other node's public key using the given function: key = ( public key ) ^ ( private key ) mod p where 'p' is some prime by applying this to the node path up to the root, a given member can calculate an overall group key for security purposes, this group key is then hashed, and then used to encrypt the transmission also for security purposes, at lease one member needs to change their key so the group key is different for each transmission
4
Join Steps: 1. new member sends a join request message containing his blind key 2. Determine the insertion node to be either 2a) rightmost leave node in the subtree in an unbalanced tree or 2b) joining the root node 3. The sponsor (the one that the new member will "attach to") creates a new intermediate node to separate itself from the insertion point 4. The new intermediate node is promoted to become the parent of the sponsor and the new node 5. New member is added to tree and group key is regenerated using new set of blind keys. 6. Sponsor broadcasts the new key to the group.
5
Merge Merge protocol: A group merge is basically a multiple node addition. It can be voluntary or involuntary, and may be the result of 'network fault heal' or an 'explicit (application-driven) merge'. Step1: The sponsor (the rightmost node) of each group broadcasts its tree information (blinded keys) to the other group. Step2: Once received, each group member can uniquely and independently determine the merge position of the tree. Step2a: If the trees are the same height they merge at the root. An 'insertion node' is generated with the two former root nodes as its children Step2b: If the trees are not the same height the insertion node is the rightmost shallowest node, where the join doesn't increase the height of the tree. If such a join point cannot be found merge at the root as described in 2a.
6
Leave The leaving node is removed from the tree Any siblings are promoted to replace the node’s parent node The sponsor picks a new secret share Then the sponsor computes all keys on its path up to the root Finally the new set of blinded keys is broadcast to the group
7
Partition Protocol: 1. Every member updates its tree by deleting all partitioned members and their respective parent nodes. This is done in the following manner: a. All leaving nodes are sorted in order of depth. b. Starting at the deepest level, each pair of siblings is collapsed into its parent and marked as leaving. c. The node is then moved to the "leaving nodes" list. d. Steps b & c are repeated for all leaving nodes. e. For each [parent] node in the "leaving nodes" list, one of their children is not leaving. f. For each node, a sponsor is identified and using the LEAVE PROTOCOL, they are removed. 2. Each sponsor computes the keys and blinded keys on its key-path as far up the tree as possible. 3. Each sponsor broadcasts the set of new blinded keys. 4. Upon reception of the broadcast, each member checks to see whether the message contains a new blinded key. 5. Steps 2-4 are repeated until all members obtain the group key (the group key can be computed if the member has all the blinded keys on its co-path). 6. To prevent from re-using an old key, one of the members changes its key share. 7. Each member detects the end of the partition protocol independently - it is complete once the member knows all the blinded keys (and thus can compute the group key).
8
Key Refresh Basically a special case of leave Right most member leaves and Re-joins Could be considered a null leave
9
Tree Management As a special note balanced trees are desired. The modular exponentiation used in TGHD can be quite expensive. Moreover, the number of these exponentiations for membership events varies, depending on the tree structure. Examples: Joining at the root requires exactly two modular exponentiations. A join to a leaf node requires [log2 n] where n is the current number of users. This shows that joining at the root always requires the minimal number of exponentiations for additive membership operations. However, if n members join to the root, then the tree becomes unbalanced (similar to linked lists). And IF a member in the deepest node leaves the group, n- 1 exponentiations are required. Conversely, if a key tree is fully balanced the number of exponentiations is [log2 n]. All this being said, a well-balanced tree reduces the cost of leaves. And thus the reason this protocol chooses the insertion to be the right most shallowest node which does not increase the height
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.