Messaging Layer Security (MLS) and its underlying Continuous Group Key Agreement (CGKA) protocol allow a group of users to share a cryptographic secret in a dynamic manner, such that the secret is modified on member insertions and deletions. Although this flexibility makes MLS ideal for implementations in distributed environments, a number of issues need to be overcome. In particular, the use of digital certificates for authentication in a group goes against the group members' privacy. In this work we provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes, dynamically defined by the group, to become a member. Instead of digital certificates, we employ Attribute-Based Credentials accompanied by Selective Disclosure in order to reveal the minimum required amount of information and to prevent attackers from linking the activity of a user through multiple groups. We formally define a CGKA variant named Attribute-Authenticated Continuous Group Key Agreement (AA-CGKA) and provide security proofs for its properties of Requirement Integrity, Unforgeability and Unlinkability. We also provide guidelines for integrating our construction into MLS.