{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T14:42:26Z","timestamp":1776523346283,"version":"3.51.2"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030953119","type":"print"},{"value":"9783030953126","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-95312-6_1","type":"book-chapter","created":{"date-parts":[[2022,1,29]],"date-time":"2022-01-29T17:08:51Z","timestamp":1643476131000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Multicast Key Agreement, Revisited"],"prefix":"10.1007","author":[{"given":"Alexander","family":"Bienstock","sequence":"first","affiliation":[]},{"given":"Yevgeniy","family":"Dodis","sequence":"additional","affiliation":[]},{"given":"Yi","family":"Tang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,29]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/978-3-030-56784-2_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 248\u2013277. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_9"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/978-3-030-64378-2_10","volume-title":"Theory of Cryptography","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 261\u2013290. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_10"},{"key":"1_CR3","unstructured":"Alwen, J., et al.: Keep the dirt: tainted treekem, adaptively and actively secure continuous group key agreement. In: 2021 IEEE Symposium on Security and Privacy (SP). IEEE (2021)"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Bajaj, S., Sion, R.: Ficklebase: looking into the future to erase the past. In: 2013 IEEE 29th International Conference on Data Engineering (ICDE), pp. 86\u201397. IEEE","DOI":"10.1109\/ICDE.2013.6544816"},{"key":"1_CR5","unstructured":"Barnes, R., Beurdouche, B., Millican, J., Omara, E., Cohn-Gordon, K., Robert, R.: The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-11, Internet Engineering Task Force, December 2020, work in Progress"},{"key":"1_CR6","unstructured":"Bellare, M., Lysyanskaya, A.: Symmetric and dual PRFs from standard assumptions: A generic validation of an HMAC assumption. Cryptology ePrint Archive, Report 2015\/1198 (2015). https:\/\/eprint.iacr.org\/2015\/1198"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-36563-X_1","volume-title":"Topics in Cryptology \u2014 CT-RSA 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1\u201318. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36563-X_1"},{"key":"1_CR8","unstructured":"Bhargavan, K., Barnes, R., Rescorla, E.: TreeKEM: Asynchronous decentralized key management for large dynamic groups (2018). https:\/\/mailarchive.ietf.org\/arch\/msg\/mls\/e3ZKNzPC7Gxrm3Wf0q96dsLZoD8"},{"key":"1_CR9","unstructured":"Bienstock, A., Dodis, Y., Tang, Y.: Multicast key agreement, revisited. Cryptology ePrint Archive, Report 2021\/1570 (2021). https:\/\/eprint.iacr.org\/2021\/1570"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-030-90456-2_3","volume-title":"Theory of Cryptography","author":"A Bienstock","year":"2021","unstructured":"Bienstock, A., Dodis, Y., Yeo, K.: Forward secret encrypted RAM: lower bounds and applications. In: Nissim, K., Waters, B. (eds.) TCC 2021, Part III. LNCS, vol. 13044, pp. 62\u201393. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90456-2_3"},{"key":"1_CR11","unstructured":"Boneh, D., Lipton, R.J.: A revocable backup system. In: USENIX Security Symposium, pp. 91\u201396 (1996)"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/3-540-45682-1_18","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"E Bresson","year":"2001","unstructured":"Bresson, E., Chevassut, O., Pointcheval, D.: Provably authenticated group Diffie-Hellman key exchange\u2014the dynamic case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290\u2013309. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_18"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/3-540-46035-7_21","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"E Bresson","year":"2002","unstructured":"Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic group Diffie-Hellman key exchange under standard assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321\u2013336. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_21"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM CCS 2003, pp. 241\u2013250. ACM Press, Washington, DC, 27\u201330 October 2003","DOI":"10.1145\/948109.948142"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: a taxonomy and some efficient constructions. In: IEEE INFOCOM 1999. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320), vol. 2, pp. 708\u2013716 (1999)","DOI":"10.1109\/INFCOM.1999.751457"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1007\/3-540-49116-3_47","volume-title":"STACS 99","author":"G Di Crescenzo","year":"1999","unstructured":"Di Crescenzo, G., Ferguson, N., Impagliazzo, R., Jakobsson, M.: How to forget a secret. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, pp. 500\u2013509. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-49116-3_47"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-030-90456-2_9","volume-title":"Theory of Cryptography","author":"Y Dodis","year":"2021","unstructured":"Dodis, Y., Karthikeyan, H., Wichs, D.: Updatable public key encryption in the standard model. In: Nissim, K., Waters, B. (eds.) TCC 2021, Part III. LNCS, vol. 13044, pp. 254\u2013285. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90456-2_9"},{"key":"1_CR18","unstructured":"Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. In: USENIX Security Symposium, vol. 316 (2009)"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Harney, H., Muckenhirn, C.: RFC2093: Group Key Management Protocol (GKMP) Specification (1997)","DOI":"10.17487\/rfc2093"},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-17653-2_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: Efficient ratcheting: almost-optimal guarantees for secure messaging. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 159\u2013188. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_6"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-540-45146-4_7","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J Katz","year":"2003","unstructured":"Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110\u2013125. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_7"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-540-24676-3_10","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"D Micciancio","year":"2004","unstructured":"Micciancio, D., Panjwani, S.: Optimal communication complexity of generic multicast key distribution. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 153\u2013170. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24676-3_10"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Mittra, S.: Iolus: A framework for scalable secure multicasting. In: Proceedings of the ACM SIGCOMM 1997 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 1997, pp. 277\u2013288. Association for Computing Machinery, New York (1997)","DOI":"10.1145\/263109.263179"},{"key":"1_CR24","unstructured":"Perrin, T., Marlinspike, M.: The double ratchet algorithm (2016). https:\/\/signal.org\/docs\/specifications\/doubleratchet\/"},{"key":"1_CR25","unstructured":"Peterson, Z.N., Burns, R.C., Herring, J., Stubblefield, A., Rubin, A.D.: Secure deletion for a versioning file system. In: FAST, vol. 5 (2005)"},{"key":"1_CR26","doi-asserted-by":"publisher","first-page":"1503","DOI":"10.1109\/ACCESS.2015.2474705","volume":"3","author":"P Porambage","year":"2015","unstructured":"Porambage, P., Braeken, A., Schmitt, C., Gurtov, A., Ylianttila, M., Stiller, B.: Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications. IEEE Access 3, 1503\u20131511 (2015)","journal-title":"IEEE Access"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Reardon, J., Basin, D., Capkun, S.: Sok: secure data deletion. In: 2013 IEEE Symposium on Security and Privacy, pp. 301\u2013315. IEEE (2013)","DOI":"10.1109\/SP.2013.28"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Reardon, J., Ritzdorf, H., Basin, D., Capkun, S.: Secure data deletion from persistent media. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 271\u2013284 (2013)","DOI":"10.1145\/2508859.2516699"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Roche, D.S., Aviv, A., Choi, S.G.: A practical oblivious map data structure with secure deletion and history independence. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 178\u2013197. IEEE (2016)","DOI":"10.1109\/SP.2016.19"},{"key":"1_CR30","unstructured":"Sedgewick, R.: Left-leaning red-black trees (2008)"},{"issue":"5","key":"1_CR31","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1109\/TSE.2003.1199073","volume":"29","author":"AT Sherman","year":"2003","unstructured":"Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Trans. Softw. Eng. 29(5), 444\u2013458 (2003)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"1_CR32","unstructured":"Tselekounis, Y., Coretti, S., Alwen, J., Dodis, Y.: Modular design of secure group messaging protocols and the security of MLS. In: ACM CCS 2021 (2021)"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Wallner, D., Harder, E., Agee, R.: RFC2627: Key management for multicast: Issues and architectures (1999)","DOI":"10.17487\/rfc2627"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Weidner, M., Kleppmann, M., Hugenroth, D., Beresford, A.R.: Key agreement for decentralized secure group messaging with strong security guarantees. Cryptology ePrint Archive, Report 2020\/1281 (2020). https:\/\/eprint.iacr.org\/2020\/1281","DOI":"10.1145\/3460120.3484542"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. In: Proceedings of the ACM SIGCOMM 1998 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 1998, pp. 68\u201379. Association for Computing Machinery, New York (1998)","DOI":"10.1145\/285243.285260"}],"container-title":["Lecture Notes in Computer Science","Topics in Cryptology \u2013 CT-RSA 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-95312-6_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T11:23:30Z","timestamp":1710329010000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-95312-6_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030953119","9783030953126"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-95312-6_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"29 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CT-RSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cryptographers\u2019 Track at the RSA Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"San Francisco, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 February 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 February 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ctrsa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ct-rsa-2022.auckland.ac.nz\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}