Hybrid Group Key Exchange with Application to Constrained Networks

We expand the security model for group key exchange of Poettering et al. (CT-RSA 2021) to allow for more fine-tuned reveal of both state and keying material. The expanded model is used to analyse the security of hybrid group key exchange schemes, compositions of distinct group key exchange schemes where either subprotocol may be separately compromised. We then construct a hybrid group key exchange protocol that we show to be as secure as its sub-protocols. Furthermore, we use the notion of a secure element to develop a lightweight, low transmission group key exchange protocol. This protocol is used to develop a hybrid scheme that offers dynamic group membership and is suitable for use in constrained networks.