The formal description Clause Samples

The formal description. ▇ Round 1: The chosen group leader, ▇▇ makes a initial request (INIT) with his identity, ▇▇ and a random nonce Nl to the group . Round 2: Each interested Mi responds to the INIT request, with a IREPLY message which contains his identity Ui, a nonce Nl and a blinded secret gri to Ml (see Table 2 for exact message contents). { } ∈ M \ { } Round 3: Ml collects all the received blinded secrets, raises each of them to its secret (rl) and broadcasts them along with the original contributions to the group, i.e. it sends an IGROUP message which contains Ui, Ni, gri , grirl for all i l . Key Calculation: Each Mi checks if its contribution is included correctly and obtains grl by computing (grirl )r−1 . The group key is Key = grl ∗ Πi∈M\{l}grirl = grl(1+Pi∈M\{l} ri). 1) The original contributions gri are included in the last message as they are required for key calculation in case of group modifications (see below), and also, because it may be possible that a particular contribution has not been received by some member. 2) Even though Πi∈M\{l}grirl is publicly known, it is included in key computation, to derive a key composed of everyone’s contribution. This ensures that the key is not pre-determined and is unique to this session. 3) Even though the current group leader chooses his contribution after others, he cannot pre- determine the group key. The protocol is formally defined in Table 2. Table 3 (respectively Table 4) show how the protocol is run when a group wants to join (respectively leave) an existing group