A formal framework for comparing group key agreement protocols with partial forward secrecy

Group key agreement protocols form an essential part of secure group communications. Providing perfect forward secrecy is one of the security requirements of group key agreement protocols. However not all protocols can meet the above requirement and they provide only partial forward secrecy. Partial forward secrecy considers the secrecy of a previously agreed session key, when some long-term keys used in the computation of session key, is compromised. Among the protocols which satisfy partial forward secrecy, the one with lesser probability of loss of session key given that the long-term keys are probably compromised, would be stronger than those with a higher probability of loss of session key given that the long-term keys are compromised with the same probability. To the best of our understanding no formal technique has been proposed for comparing protocols providing partial forward secrecy. We propose a formal framework for comparing group key agreement protocols with respect to partial forward secrecy. A metric - degree of partial forward secrecy - has been introduced to make the comparison. An algorithm is proposed for the computation of the metric. The proposed formal framework is illustrated by comparing a set of group key agreement protocols providing a wide range of partial forward secrecy and which uses different cryptographic primitives. The formal framework would be first step towards development of tools for comparison of group key agreement protocols with respect to partial forward secrecy.