In this section, we introduce the four basic protocols that form the TGDH protocol suite: join, leave, merge, and partition. These protocols all share a common framework with the following notable features:
.
Upon each membership change, all members in the resulting group independently update the tree structure. Since we assume that the underlying communication system provides view synchrony (see section 3), all members who correctly execute the protocol, recompute the identical key tree after a membership event. The following fact describes the minimal requirement for a group member to compute the group key:
Since each member knows at least its own secret share (and perhaps other keys on the key path to the root), it can compute the intermediate keys on its key path, and eventually, the group (root) key. Similar to other tree-based schemes [18, 17], each member knows all the keys on the path from its leaf to the root. Minimally, as expressed in fact 1, each member knows all the blinded keys on the co-path. In our protocol, however, each member knows all the blinded keys in the key tree, which makes the subsequent protocols we present more efficient.
In our protocol, a group member might take on a special role, which can involve
to compute keys and to broadcast the blinded keys to the group, for example.
Any member in the group can take on this responsibility, we call this member
sponsor. The sponsor who handles
the membership change is determined differently for each membership event.
Despite the separate descriptions that follow, we describe a single protocol that handles all key adjustments in section 6.
