{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T09:32:21Z","timestamp":1769419941026,"version":"3.49.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031223648","type":"print"},{"value":"9783031223655","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-22365-5_8","type":"book-chapter","created":{"date-parts":[[2022,12,21]],"date-time":"2022-12-21T03:04:30Z","timestamp":1671591870000},"page":"213-243","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["On the\u00a0Worst-Case Inefficiency of\u00a0CGKA"],"prefix":"10.1007","author":[{"given":"Alexander","family":"Bienstock","sequence":"first","affiliation":[]},{"given":"Yevgeniy","family":"Dodis","sequence":"additional","affiliation":[]},{"given":"Sanjam","family":"Garg","sequence":"additional","affiliation":[]},{"given":"Garrison","family":"Grogan","sequence":"additional","affiliation":[]},{"given":"Mohammad","family":"Hajiabadi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2324-5671","authenticated-orcid":false,"given":"Paul","family":"R\u00f6sler","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,12,21]]},"reference":[{"key":"8_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"815","DOI":"10.1007\/978-3-031-07085-3_28","volume-title":"Advances in Cryptology","author":"J Alwen","year":"2022","unstructured":"Alwen, J., et al.: CoCoA: concurrent continuous group key agreement. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 815\u2013844. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_28"},{"key":"8_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"8_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/978-3-030-56784-2_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 248\u2013277. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_9"},{"key":"8_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/978-3-030-64378-2_10","volume-title":"Theory of Cryptography","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 261\u2013290. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_10"},{"key":"8_CR5","unstructured":"Alwen, J., Jost, D., Mularczyk, M.: On the insider security of MLS. Cryptology ePrint Archive, Report 2020\/1327 (2020). https:\/\/eprint.iacr.org\/2020\/1327"},{"key":"8_CR6","unstructured":"Alwen, J., et al.: Keep the dirt: tainted treekem, adaptively and actively secure continuous group key agreement. In: 2021 IEEE Symposium on Security and Privacy (SP). IEEE (2021)"},{"key":"8_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1007\/978-3-030-64840-4_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"F Balli","year":"2020","unstructured":"Balli, F., R\u00f6sler, P., Vaudenay, S.: Determining the core primitive for optimally secure ratcheting. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 621\u2013650. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64840-4_21"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Barnes, R., Beurdouche, B., Robert, R., Millican, J., Omara, E., Cohn-Gordon, K.: The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-14, Internet Engineering Task Force (2022). https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-mls-protocol-14. Work in Progress","DOI":"10.17487\/RFC9420"},{"key":"8_CR9","unstructured":"Bhargavan, K., Barnes, R., Rescorla, E.: TreeKEM: Asynchronous Decentralized Key Management for Large Dynamic Groups (2018). pubs\/treekem.pdf https:\/\/mailarchive.ietf.org\/arch\/msg\/mls\/e3ZKNzPC7Gxrm3Wf0q96dsLZoD8"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Bienstock, A., Dodis, Y., Garg, S., Grogan, G., Hajiabadi, M., R\u00f6sler, P.: On the worst-case inefficiency of CGKA. Cryptology ePrint Archive (2022)","DOI":"10.1007\/978-3-031-22365-5_8"},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-030-64378-2_8","volume-title":"Theory of Cryptography","author":"A Bienstock","year":"2020","unstructured":"Bienstock, A., Dodis, Y., R\u00f6sler, P.: On the price of concurrency in group ratcheting protocols. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 198\u2013228. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_8"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-030-95312-6_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2022","author":"A Bienstock","year":"2022","unstructured":"Bienstock, A., Dodis, Y., Tang, Y.: Multicast key agreement, revisited. In: Galbraith, S.D. (ed.) CT-RSA 2022. LNCS, vol. 13161, pp. 1\u201325. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-95312-6_1"},{"key":"8_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-030-90456-2_3","volume-title":"Theory of Cryptography","author":"A Bienstock","year":"2021","unstructured":"Bienstock, A., Dodis, Y., Yeo, K.: Forward secret encrypted RAM: lower bounds and applications. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13044, pp. 62\u201393. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90456-2_3"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Bienstock, A., Fairoze, J., Garg, S., Mukherjee, P., Raghuraman, S.: A more complete analysis of the signal double ratchet algorithm. Cryptology ePrint Archive, Report 2022\/355 (2022). https:\/\/ia.cr\/2022\/355","DOI":"10.1007\/978-3-031-15802-5_27"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Boneh, D., Papakonstantinou, P.A., Rackoff, C., Vahlis, Y., Waters, B.: On the impossibility of basing identity based encryption on trapdoor permutations. In: 49th FOCS, pp. 283\u2013292. IEEE Computer Society Press (2008)","DOI":"10.1109\/FOCS.2008.67"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1007\/978-3-662-44371-2_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"D Boneh","year":"2014","unstructured":"Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 480\u2013499. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_27"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: a taxonomy and some efficient constructions. In: IEEE INFOCOM 1999. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320), vol. 2, pp. 708\u2013716 (1999)","DOI":"10.1109\/INFCOM.1999.751457"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. Cryptology ePrint Archive, Report 2022\/376 (2022). https:\/\/ia.cr\/2022\/376","DOI":"10.1007\/978-3-031-15979-4_1"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Chung, K.M., Lin, H., Mahmoody, M., Pass, R.: On the power of nonuniformity in proofs of security. In: Kleinberg, R.D. (ed.) ITCS 2013, pp. 389\u2013400. ACM (2013)","DOI":"10.1145\/2422436.2422480"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS P), pp. 451\u2013466 (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1802\u20131819. ACM Press (2018)","DOI":"10.1145\/3243734.3243747"},{"key":"8_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-319-78381-9_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Coretti","year":"2018","unstructured":"Coretti, S., Dodis, Y., Guo, S., Steinberger, J.: Random oracles and non-uniformity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part I. LNCS, vol. 10820, pp. 227\u2013258. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_9"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Dowling, B., Hauck, E., Riepel, D., R\u00f6sler, P.: Strongly anonymous ratcheted key exchange. In: ASIACRYPT 2022. LNCS (2022)","DOI":"10.1007\/978-3-031-22969-5_5"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Harney, H., Muckenhirn, C.: RFC2093: Group key management protocol (GKMP) specification (1997)","DOI":"10.17487\/rfc2093"},{"key":"8_CR25","doi-asserted-by":"publisher","unstructured":"Mittra, S.: Iolus: a framework for scalable secure multicasting. In: Proceedings of the ACM SIGCOMM 1997 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 1997, pp. 277\u2013288. Association for Computing Machinery, New York (1997). https:\/\/doi.org\/10.1145\/263105.263179","DOI":"10.1145\/263105.263179"},{"key":"8_CR26","unstructured":"Perrin, T., Marlinspike, M.: The double ratchet algorithm (2016). https:\/\/signal.org\/docs\/specifications\/doubleratchet\/"},{"key":"8_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1007\/978-3-030-75539-3_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2021","author":"B Poettering","year":"2021","unstructured":"Poettering, B., R\u00f6sler, P., Schwenk, J., Stebila, D.: SoK: game-based security models for group key exchange. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 148\u2013176. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75539-3_7"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"R\u00f6sler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, Whatsapp, and Threema. In: 2018 IEEE European Symposium on Security and Privacy, EuroS &P 2018 (2018)","DOI":"10.1109\/EuroSP.2018.00036"},{"issue":"5","key":"8_CR29","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1109\/TSE.2003.1199073","volume":"29","author":"AT Sherman","year":"2003","unstructured":"Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Trans. Softw. Eng. 29(5), 444\u2013458 (2003)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"8_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-540-30598-9_15","volume-title":"Security in Communication Networks","author":"NP Smart","year":"2005","unstructured":"Smart, N.P.: Efficient key encapsulation to multiple parties. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 208\u2013219. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30598-9_15"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Wallner, D., Harder, E., Agee, R.: RFC2627: key management for multicast: issues and architectures (1999)","DOI":"10.17487\/rfc2627"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Weidner, M., Kleppmann, M., Hugenroth, D., Beresford, A.R.: Key agreement for decentralized secure group messaging with strong security guarantees. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 2024\u20132045. ACM Press (2021)","DOI":"10.1145\/3460120.3484542"},{"key":"8_CR33","doi-asserted-by":"publisher","unstructured":"Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. In: Proceedings of the ACM SIGCOMM 1998 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 1998, pp. 68\u201379. Association for Computing Machinery, New York (1998). https:\/\/doi.org\/10.1145\/285237.285260","DOI":"10.1145\/285237.285260"}],"container-title":["Lecture Notes in Computer Science","Theory of Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-22365-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,21]],"date-time":"2025-12-21T01:02:13Z","timestamp":1766278933000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-22365-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031223648","9783031223655"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-22365-5_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"21 December 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"TCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Theory of Cryptography Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Chicago, IL","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 November 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 November 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"tcc2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/tcc.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"139","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"43% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.1","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}