
Protocol Unification

Although described separately in the preceding sections, the four TGDH operations (join, leave, merge and partition) actually represent different strands of a single protocol. We justify this claim with an informal argument below.

Obviously, join and leave are special cases of merge and partition, respectively. It is less clear that merge and partition can be collapsed into a single protocol. In either case, the key tree changes and the remaining group members lack some number (sometimes none) of blinded keys, which prevents them from computing the new root key. When a partition occurs, the remaining members (in any surviving fragment) reconstruct the tree where some blinded keys are missing. In the case of a merge, let us suppose that a taller (deeper) tree A is merged with a shorter (shallower) tree B. Similar to a partition, all members formerly in A construct the new tree where some blinded keys, those in B, are missing. (This view is symmetric, since the members in B see the same tree but with missing blinded keys in the subtree A.)

We have established that both partition and merge initially result in a new key tree with a number of missing blinded keys. In the case of a merge, the missing blinded keys can be distributed in two rounds. This is because a sponsor in each of A and B broadcasts its own subtree, including all blinded keys. Any member in a given subtree can compute the new root key after receiving both broadcasts. The case of partition is very similar, except that the missing blinded keys are not concentrated in a new subtree (as in merge) but are, in the most general case, spread all around. As we discuss in section 5.4, every member reconstructs the key tree after a partition in at most h rounds, where h is the tree height. The merge scenario can be viewed as a special case of partition that always completes in two rounds.

Figure 8: Unified protocol pseudocode

This apparent similarity between partition and merge allows us to lump the protocols stemming from all membership events into a single, unified protocol. Figure 8 shows the pseudocode. The incentive for this is threefold. First, unification allows us to simplify the implementation and minimize its size. Second, the overall security and correctness are easier to demonstrate with a single protocol. Third, we can now claim that (with a slight modification) the TGDH protocol is self-stabilizing and fault-tolerant, as discussed below.
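The shared "derive what you can, broadcast what is missing, repeat" loop can be sketched as a small simulation. This is an added example, not the Figure 8 pseudocode and not the authors' code; it assumes heap-numbered tree nodes, toy group parameters, and that every member able to derive a missing blinded key broadcasts it (TGDH assigns this to sponsors). The names `climb`, `stabilize` and `merge_demo` are hypothetical.

```python
# Toy Diffie-Hellman parameters, constructed for illustration (not a vetted group).
P, G = 2**127 - 1, 3
SECRETS = {4: 11, 5: 22, 6: 33, 14: 44, 15: 55}   # constructed leaf secrets

def blind(key):
    return pow(G, key, P)                          # BK = g^K mod p

def climb(leaf, secret, bkeys):
    """Keys a member can derive on its path to the root (node 1).
    Children of node n are 2n and 2n+1, so n ^ 1 is the sibling of n."""
    keys, node, key = {leaf: secret}, leaf, secret
    while node > 1 and (node ^ 1) in bkeys:
        key = pow(bkeys[node ^ 1], key, P)         # K_parent = BK_sibling ^ K_child
        node //= 2
        keys[node] = key
    return keys

def stabilize(secrets, views):
    """views: {leaf: {node: blinded key}} each member starts with.
    Returns (rounds, root_key) once every member derives the same root key."""
    views = {m: dict(v) for m, v in views.items()}
    rounds = 0
    while True:
        paths = {m: climb(m, s, views[m]) for m, s in secrets.items()}
        if all(1 in p for p in paths.values()):
            roots = {p[1] for p in paths.values()}
            assert len(roots) == 1, "members disagree on the root key"
            return rounds, roots.pop()
        board = {}                                 # everything broadcast this round
        for v in views.values():
            board.update(v)                        # blinded keys already held
        for p in paths.values():                   # plus newly derivable ones
            board.update({n: blind(k) for n, k in p.items() if n != 1})
        if all(board == v for v in views.values()):
            raise RuntimeError("no member can supply the missing blinded keys")
        views = {m: dict(board) for m in secrets}
        rounds += 1

def merge_demo():
    """Constructed merge: tree B (leaves 14, 15) is inserted under node 3 of tree A,
    pushing A's old leaf from node 3 down to node 6."""
    s = SECRETS
    k2 = pow(blind(s[5]), s[4], P)                 # A's untouched subtree key
    view_a = {4: blind(s[4]), 5: blind(s[5]), 2: blind(k2), 6: blind(s[6])}
    view_b = {14: blind(s[14]), 15: blind(s[15])}
    return stabilize(s, {m: (view_b if m > 7 else view_a) for m in s})

if __name__ == "__main__":
    print(merge_demo()[0], "rounds until all members share the root key")
```

Passing empty starting views to `stabilize` models the other extreme, where every blinded key is missing; the same loop handles it without a separate code path.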



Adrian Perrig
Fri Sep 1 21:02:14 PDT 2000