In this section we summarize the desired properties for a secure group key agreement protocol. Following the model of [KPT00], we define six such properties:
Weak Backward Secrecy guarantees that previously used group keys must not be discovered by new group members.
Weak Forward Secrecy guarantees that new keys must remain out of reach of former group members.
Group Key Secrecy guarantees that it is computationally infeasible for a passive adversary to discover any group key.
Forward Secrecy (Not to be confused with Perfect Forward Secrecy or PFS) guarantees that a passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys.
Backward Secrecy guarantees that a passive adversary who knows a contiguous subset of group keys cannot discover preceding group keys.
Key Independence guarantees that a passive adversary who knows any proper subset of group keys cannot discover any other group key.
The relationship among the properties is intuitive. The first two (often typically called Forward and Backward Secrecy in the literature) are different from the others in the sense that the adversary is assumed to be a current or a former group member. The other properties additionally include the cases of inadvertently leaked or otherwise compromised group keys. Forward and Backward Secrecy is a stronger condition than Weak Forward and Backward Secrecy. Either of Backward or Forward Secrecy subsumes Group Key Secrecy and Key Independence subsumes the rest. Finally, the combination of Backward and Forward Secrecy yields Key Independence.
In this paper we do not assume key authentication as part of the group key management protocols. All communication channels are public but authentic. The latter means that all messages are digitally signed by the sender using some sufficiently strong public key signature method such as DSA or RSA. All receivers are required to verify signatures on all received messages. Since no other long-term secrets or keys are used, we are not concerned with Perfect Forward Secrecy (PFS) as it is achieved trivially.