Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization

Document Type: Expired Internet-Draft (individual); Expired & archived
Last updated: 1999-03-03
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


We present a scalable method for establishing group session keys for large, dynamic secure groups such as multicast sessions. Our method is based on a novel application of One-Way Function Trees (OFTs). The number of keys stored by each group member, the number of keys broadcast to the group when members are added or evicted, and the computational effort of group members are all logarithmic in the number of group members. The method provides perfect forward and backward security: evicted members cannot read future messages, even with collusion by arbitrarily many evicted members, and newly admitted group members cannot read previous messages.


David Balenson (
David McGrew (
Alan Sherman (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)