Foundations of Group Key Management Framework, Security Model and a Generic Construction
Group Key Management (GKM) solves the problem of efficiently establishing and managing secure communication in dynamic groups. Many GKM schemes that have been proposed so far have been broken, as they cite ambiguous arguments and lack formal proofs. In fact, no concrete framework and security model for GKM exists in literature. This paper addresses this serious problem by providing firm foundations for Group Key Management. We provide a generalized framework for centralized GKM along with a formal security model and strong definitions for the security properties that dynamic groups demand. We also show a generic construction of a centralized GKM scheme from any given multi-receiver ID-based Key Encapsulation Mechanism (mID-KEM). By doing so, we unify two concepts that are significantly different in terms of what they achieve. Our construction is simple and efficient. We prove that the resulting GKM inherits the security of the underlying mID-KEM up to CCA security. We also illustrate our general conversion using the mID-KEM proposed in 2007 by Delerablée.
Efficient ID-Based Signcryption Schemes for Multiple Receivers
This paper puts forward new efficient constructions for Multi-Receiver Signcryption in the Identity-based setting. We consider a scenario where a user wants to securely send a message to a dynamically changing subset of the receivers in such a way that non-members of the of this subset cannot learn the message. The obvious solution is to transmit an individually signcrypted message to every member of the subset. This requires a very long transmission (the number of receivers times the length of the message) and high computation cost. Another simple solution is to provide every possible subset of receivers with a key. This requires every user to store a huge number of keys. In this case, the storage efficiency is compromised. The goal of this paper is to provide solutions which are efficient in all three measures i.e. transmission length, storage of keys and computation at both ends. We propose three new schemes that achieve both confidentiality and authenticity simultaneously in this setting and are the most efficient schemes to date, in the parameters described above. The first construction achieves optimal computational and storage cost. The second construction achieves much lesser transmission length than the previous scheme (down to a ratio of one-third), while still maintaining optimal storage cost. The third scheme breaks the barrier of ciphertext length of linear order in the number of receivers, and achieves constant sized ciphertext, independent of the size of the receiver set. This is the first Multi-receiver Signcryption scheme to do so. We support all three schemes with security proofs under a precisely defined formal security model.