SoK: Game-based security models for group key exchange

Comparison of security definitions


Group key exchange (GKE) protocols let a group of users jointly establish fresh and secure key material. Many flavors of GKE have been proposed, differentiated by, among others, whether group membership is static or dynamic, whether a single key or a continuous stream of keys is established, and whether security is provided in the presence of state corruptions (post-compromise security). In all cases, an indispensable ingredient to the rigorous analysis of a candidate solution is a corresponding formal security model. We observe, however, that most GKE-related publications are more focused on building new constructions that have more functionality or are more efficient than prior proposals, while leaving the job of identifying and working out the details of adequate security models a subordinate task.

In this systematization of knowledge we bring the formal modeling of GKE security to the fore by revisiting the intuitive goals of GKE, critically evaluating how these goals are reflected (or not) in the established models, and how they would be best considered in new models. We classify and compare characteristics of a large selection of game-based GKE models that appear in the academic literature, including those proposed for GKE with post-compromise security. We observe a range of shortcomings in some of the studied models, such as dependencies on overly restrictive syntactical constrains, unrealistic adversarial capabilities, or simply incomplete definitions. Our systematization enables us to identify a coherent suite of desirable characteristics that we believe should be represented in all general purpose GKE models. To demonstrate the feasibility of covering all these desirable characteristics simultaneously in one concise definition, we conclude with proposing a new generic reference model for GKE.

Keywords: group key exchange, key agreement, key establishment, security model, multi-user protocol, systematization of knowledge


Bertram Poettering, Paul Rösler, Jörg Schwenk, Douglas Stebila. SoK: Game-based security models for group key exchange. In Kenneth G. Paterson, editor, Topics in Cryptology — The Cryptographers' Track at the RSA Conference (CT-RSA) 2021, LNCS. Springer, May 2021. © Sprigner.




This research was supported by:
  • Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146
  • NSERC Discovery Accelerator Supplement grant RGPIN-2016-05146
  • European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No. 786725 – OLYMPUS
  • The research training group "Human Centered Systems Security" (NERD.NRW) sponsored by the state of North-Rhine Westphalia