Efficient state updates for key management

Encryption is widely used to enforce usage rules for digital content. In many scenarios content is encrypted using a group key which is known to a group of users that are allowed to use the content. When users leave or join the group, the group key must be changed. The logical key hierarchy (LKH) algorithm is a very common method of managing these key changes. In this algorithm every user keeps a personal key composed of log n keys (for a group of n users). A key update message consists of O(log n) keys. A major drawback of the LKH algorithm is that users must update their state whenever users join or leave the group. When such an event happens, a key update message is sent to all users. A user who is offline during t key updates, and who needs to learn the keys sent in these updates as well as update its personal key, should receive and process the t key update messages, of total length O(t log n) keys. In this paper, we show how to reduce this overhead to a message of O(log t) keys. We also note that one of the methods that are used in this work to reduce the size of the update message can be used in other scenarios as well. It enables one to generate n pseudorandom keys of length k bits each, such that any successive set of t keys can be represented by a string log(t)·k bits, without disclosing any information about the other keys.