SUMAC: an Efficient Administrated-CGKA Using Multicast Key Agreement

Nicolas Bon; Céline Chevalier; Guirec Lebrun; Ange Martinelli

Paper 2025/682

SUMAC: an Efficient Administrated-CGKA Using Multicast Key Agreement

Nicolas Bon

, École Normale Supérieure - PSL, CryptoExperts (France)

Céline Chevalier

, École Normale Supérieure - PSL, Paris-Pantheon Assas University

Guirec Lebrun

, École Normale Supérieure - PSL, ANSSI

Ange Martinelli

, ANSSI

Abstract

Since the standardization of the Secure Group Messaging protocol Messaging Layer Security (MLS) [4 ], whose core subprotocol is a Continuous Group Key Agreement (CGKA) mechanism named TreeKEM, CGKAs have become the norm for group key exchange protocols. However, in order to alleviate the security issue originating from the fact that all users in a CGKA are able to carry out sensitive operations on the member group, an augmented protocol called Administrated-CGKA (A-CGKA) has been recently created [2]. An A-CGKA includes in the cryptographic protocol the management of the administration rights that restrict the set of privileged users, giving strong security guarantees for the group administration. The protocol designed in [2] is a plugin added to a regular (black-box) CGKA, which consequently add some complexity to the underlying CGKA and curtail its performances. Yet, leaving the fully decentralized paradigm of a CGKA offers the perspective of new protocol designs, potentially more efficient. We propose in this paper an A-CGKA called SUMAC, which offers strongly enhanced communication and storage performances compared to other A-CGKAs and even to TreeKEM. Our protocol is based on a novel design that modularly combines a regular CGKA used by the administrators of the group and a Tree-structured Multicast Key Agreement (TMKA) [9] – which is a centralized group key exchange mechanism administrated by a single group manager – between each administrator and all the standard users. That TMKA gives SUMAC an asymptotic communication cost logarithmic in the number of users, similarly to a CGKA. However, the concrete performances of our protocol are much better than the latter, especially in the post-quantum framework, due to the intensive use of secret-key cryptography that offers a lighter bandwidth than the public-key encryption schemes from a CGKA. In practice, SUMAC improves the communication cost of TreeKEM by a factor 1.4 to 2.4 for admin operations and a factor 2 to 38 for user operations. Similarly, its storage cost divides that of TreeKEM by a factor 1.3 to 23 for an administrator and 3.9 to 1,070 for a standard user. Our analysis of SUMAC is provided along with a ready-to-use open-source rust implementation that confirms the feasibility and the performances of our protocol.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: SGM MLS TreeKEM CGKA Administrated-CGKA MKA
Contact author(s): nicolas bon @ ens fr
celine chevalier @ ens fr
guirec lebrun @ ens fr
ange martinelli @ ssi gouv fr
History: 2025-04-16: approved; 2025-04-15: received; See all versions
Short URL: https://ia.cr/2025/682
License: CC BY

BibTeX

@misc{cryptoeprint:2025/682,
      author = {Nicolas Bon and Céline Chevalier and Guirec Lebrun and Ange Martinelli},
      title = {{SUMAC}: an Efficient Administrated-{CGKA} Using Multicast Key Agreement},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/682},
      year = {2025},
      url = {https://eprint.iacr.org/2025/682}
}