There are two commonly used strong group communication semantics: Extended Virtual Synchrony (EVS) [11, 1] and View Synchrony (VS) [7]. Both guarantee that: 1) group members see the same set of messages between two sequential group membership events, and, 2) the sender's requested message order (e.g., FIFO, Causal, or Total) is preserved. VS provides a stricter service whereas EVS implementations are generally more efficient.
The main difference between EVS and VS is that EVS guarantees that messages are delivered to all receivers in the same membership as existed when the message was originally sent on the network. VS, in contrast, offers a stricter guarantee that messages are delivered to all recipients in the same membership as viewed by the sender application when it originally sent the message.
Providing the latter property requires an extra round of acknowledgment messages from all members before installing a new membership. This need for acknowledgments dictates that the groups be closed, only allowing members of the group to send messages to it. However, the knowledge that a message is received in the membership the sender believed it was sent in makes implementing secure group communication easier because every message is encrypted with the same key as the receiver believes is current when the message is delivered to them.
An implementation of any distributed fault-tolerant group key agreement protocol requires VS. This is because, in order to implement group key agreement on top of EVS would require the key agreement protocol to incorporate and implement semantics identical to those of VS in order to correctly keep state of which messages were sent using in which key epoch. (Intuitively, this is because membership events are unpredictable and each triggers an instance of a key agreement protocol. Thus, multiple key agreement protocols can overlap in time and cause instability unless significant amount of state is kept within the key agreement protocol implementation.) For this reason, there is no particular benefit to building key agreement on top of EVS semantics.
The issues surrounding implementation of key agreement in dynamic peer groups are addressed in detail in [2]. Suffice it to say that, in the context of this paper we require for the underlying group communication to provide View Synchrony (VS). However, we stress that VS is needed for the sake of fault-tolerance and robustness; the security of our protocols is in no way affected by the lack of VS.